diff --git a/.devcontainer/Dockerfile b/.devcontainer/Dockerfile
new file mode 100644
index 00000000..342cc272
--- /dev/null
+++ b/.devcontainer/Dockerfile
@@ -0,0 +1,16 @@
+FROM php:8.1.13-cli
+
+RUN apt-get update && apt-get install -y vim git sudo
+
+RUN php -r "copy('https://getcomposer.org/installer', 'composer-setup.php');" \
+ && php -r "if (hash_file('sha384', 'composer-setup.php') === '55ce33d7678c5a611085589f1f3ddf8b3c52d662cd01d4ba75c0ee0459970c2200a51f492d557530c71c15d8dba01eae') { echo 'Installer verified'; } else { echo 'Installer corrupt'; unlink('composer-setup.php'); } echo PHP_EOL;" \
+ && php composer-setup.php \
+ && php -r "unlink('composer-setup.php');" \
+ && sudo mv composer.phar /usr/local/bin/composer
+
+ARG USERNAME=developer
+ARG USER_UID=1000
+ARG USER_GID=$USER_UID
+
+RUN groupadd --gid $USER_GID $USERNAME \
+ && useradd -s /bin/bash --uid $USER_UID --gid $USER_GID -m $USERNAME
diff --git a/.devcontainer/devcontainer.json b/.devcontainer/devcontainer.json
new file mode 100644
index 00000000..174dee0c
--- /dev/null
+++ b/.devcontainer/devcontainer.json
@@ -0,0 +1,7 @@
+{
+ "name": "progpilot-linux",
+ "build": {
+ "dockerfile": "Dockerfile"
+ },
+ "remoteUser": "developer"
+}
diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml
index 495b0f8c..e34be740 100644
--- a/.github/workflows/main.yml
+++ b/.github/workflows/main.yml
@@ -10,8 +10,9 @@ jobs:
strategy:
matrix:
php-version:
- - "7.3"
- "7.4"
+ - "8.0"
+ - "8.1"
steps:
- name: "Checkout"
uses: "actions/checkout@v2"
diff --git a/.gitignore b/.gitignore
index cd9da0b9..e11208c6 100755
--- a/.gitignore
+++ b/.gitignore
@@ -2,6 +2,7 @@ articles/
builds/*.phar
projects/tests/vendor
projects/tests/composer.lock
+projects/tests/.phpunit.result.cache
projects/example/vendor
projects/example/composer.lock
projects/example_config/vendor
diff --git a/composer.json b/composer.json
index 01c50308..e006082a 100644
--- a/composer.json
+++ b/composer.json
@@ -9,19 +9,26 @@
}
],
"require": {
- "php": ">=7.2.5",
- "ircmaxell/php-cfg": "1.0.x-dev",
+ "php": ">=7.4",
+ "ircmaxell/php-cfg": "^0.6.0",
"symfony/yaml": ">=3.3.6",
- "symfony/console": ">=3.3.5"
+ "symfony/console": ">=3.3.5",
+ "myclabs/deep-copy": "^1.10.2"
},
"require-dev": {
- "phpunit/phpunit": "^6.0",
- "phpro/grumphp": "^1.3"
+ "phpunit/phpunit": "^8.0 || ^9.0",
+ "phpro/grumphp": "^1.3",
+ "squizlabs/php_codesniffer": "^3.5"
},
"bin": ["projects/phar/progpilot"],
"autoload": {
"psr-0": {
"progpilot": "package/src"
}
+ },
+ "config": {
+ "allow-plugins": {
+ "phpro/grumphp": true
+ }
}
}
diff --git a/docs/API.md b/docs/API.md
index 04cbc935..372a4870 100644
--- a/docs/API.md
+++ b/docs/API.md
@@ -20,17 +20,20 @@ To retrieve the value of $file, $code and $folder use these methods:
***
- $obj_context->inputs->setLanguages($array);
Languages you want to analyze (["php", "js"] but js is in development), default is *["php"]*
-- $obj_context->inputs->setFrameworks($array);
-Frameworks you want to analyze (default is *["suitecrm", "codeigniter"]*)
- $obj_context->inputs->setDev($bool);
If you want to use security data relative to development of progpilot (default is *false*)
***
***
+- $obj_context->inputs->addSources($files_sources);
- $obj_context->inputs->setSources($files_sources);
+- $obj_context->inputs->addSinks($files_sinks);
- $obj_context->inputs->setSinks($files_sinks);
+- $obj_context->inputs->addSanitizers($files_sanitizers);
- $obj_context->inputs->setSanitizers($files_sanitizers);
+- $obj_context->inputs->addValidators($files_validators);
- $obj_context->inputs->setValidators($files_validators);
+- $obj_context->inputs->addCustomRules($files_custom);
- $obj_context->inputs->setCustomRules($files_custom);
- $obj_context->inputs->getCustomRules();
- $obj_context->inputs->getSources();
@@ -49,15 +52,15 @@ These functions are explained in the chapter about [**handling false positives**
***
***
-- $obj_context->inputs->setIncludes($mixed);
-- $obj_context->inputs->setExcludes($mixed);
+- $obj_context->inputs->setInclusions($mixed);
+- $obj_context->inputs->setExclusions($mixed);
For include or exclude files and folders during the analysis, see an [**example here**](./../projects/tests/exclude_files.json) with a json file configuration and an [**example here**](./../projects/tests/run_exclude_files.php) with a php array.
***
## Outputs
***
-- $obj_context->outputs->resolveIncludes($bool);
-- $obj_context->outputs->resolveIncludesFile($file);
+- $obj_context->outputs->setWriteIncludeFailures($bool);
+- $obj_context->outputs->setIncludeFailuresFile($file);
These functions are explained in the chapter about [**included files**](./INCLUDES.md)
- $obj_context->outputs->getAst();
- $obj_context->outputs->getCfg();
@@ -72,25 +75,19 @@ print the number of files analyzed (it does not count the included files (with *
## Options
***
-- $obj_context->setLimitDefs($nb);
+- $obj_context->setMaxDefinitions($nb);
to prevent memory exhaustion you could limit the number of definitions by file during the analysis (default is *3000*)
-- $obj_context->setLimitTime($time_sec);
+- $obj_context->setMaxFileAnalysisDuration($time_sec);
max execution time by file for some steps of the analysis (default is *10 seconds*)
-- $obj_context->setLimitSize($size_bytes);
+- $obj_context->setMaxFileSize($size_bytes);
do not analyze file that are larger than this defined size (default is 500 000 bytes)
-- $obj_context->setPrintFile($bool);
-*true* if you want to print the name of files analyzed by progpilot, default is *false*
-- $obj_context->setPrintWarning($bool);
-*true* if you want to print warnings during the analysis, default is *false*
+- $obj_context->setDebugMode($bool);
+*true* if you want to output warnings during the analysis, default is *false*
- $obj_context->setPrettyPrint($bool);
*true* if you want to pretty print the JSON output of standalone progpilot application, default is *true*
-- $obj_context->setAnalyzeFunctions($bool);
-*true* if you want to analyze all functions (*false* only *main function* is analyzed), default is *true*
- $obj_context->setAnalyzeIncludes($bool);
*true* or *false* if you want to analyze included files, default is *true*
- $obj_context->setConfiguration($config);
you can use an yaml file to specify the configuration of analysis, see an [**example here**](./../projects/example_config/configuration.yml).
-- $obj_context->setAnalyzeHardRules($bool);
-If you want to check custom rules that can take a lot a time (default is false)
These rules are explained in the chapter [**customize an analyze**](./CUSTOM_ANALYSIS.md)
***
diff --git a/docs/CONTRIBUTING.md b/docs/CONTRIBUTING.md
index 03addf1c..c22d6292 100644
--- a/docs/CONTRIBUTING.md
+++ b/docs/CONTRIBUTING.md
@@ -16,21 +16,7 @@ That will allow the ability of contributors to reproduce the bug.
All php code must adhere to [PSR-2 standard](https://www.php-fig.org/psr/psr-2/) (except for tests).
### GrumPHP
-Developers can use [GrumPHP](https://github.com/phpro/grumphp/) to ensure each progpilot commit reaches code style (phpcs) and security (progpilot itself) requirements.
-Install GrumPHP globally or in the progpilot repository:
-```shell
-composer require --dev phpro/grumphp
-```
-Install the [required tasks](../grumphp.yml) for Progpilot:
-```shell
-composer config minimum-stability dev
-composer require --dev squizlabs/php_codesniffer
-composer require --dev designsecurity/progpilot
-```
-Configure the following env variable to instruct GrumPHP to locate tasks executables:
-```shell
-export GRUMPHP_BIN_DIR="/path/to/vendor/bin"
-```
+Developers can use [GrumPHP](https://github.com/phpro/grumphp/) to ensure each progpilot commit reaches code style (phpcs) requirements.
### Frameworks support
Most of the time the analysis of progpilot can be extended simply with adding the corresponding [sources, sinks, validators and sanitizers](./SPECIFY_ANALYSIS.md): look at how it was done for [current frameworks](https://github.com/designsecurity/progpilot/tree/master/package/src/uptodate_data/php/frameworks).
diff --git a/docs/FAQ.md b/docs/FAQ.md
index 24cc4008..eaaab659 100644
--- a/docs/FAQ.md
+++ b/docs/FAQ.md
@@ -1,7 +1,7 @@
# FAQ
#### Which version of PHP do I need?
-The minimum version of PHP needed to run Progpilot is 7.2.5
+The minimum version of PHP needed to run Progpilot is 7.4
#### Where can I find the updated security files configuration (sinks, sources, validators, sanitizers and rules) of Progpilot?
You can find the updated security files configuration of Progpilot in [package/src/uptodate_data](../package/src/uptodate_data) folder.
@@ -11,8 +11,8 @@ Example of control flow graph and call graph of source code transformed to dot f
#### When I use progpilot I often run out of memory?
Static analyzers use a lot of memory but you could try to handle this with [these functions](./API.md):
-- *$obj_context->setLimitDefs($nb);*
-- *$obj_context->setLimitSize($size_bytes);*
+- *$obj_context->setMaxDefinitions($nb);*
+- *$obj_context->setMaxFileSize($size_bytes);*
And by increasing the maximum memory amount for a script (*memory_limit*) in the configuration of PHP (*php.ini*).
@@ -20,4 +20,3 @@ And by increasing the maximum memory amount for a script (*memory_limit*) in the
At this moment, these frameworks are supported:
- suiteCRM
- codeIgniter
-- wordpress
diff --git a/docs/INCLUDES.md b/docs/INCLUDES.md
index 115fb1de..6781c159 100644
--- a/docs/INCLUDES.md
+++ b/docs/INCLUDES.md
@@ -13,13 +13,13 @@ include($dir."myfile$suf.php");
```
To bypass this limitation use these functions:
-- $obj_context->outputs->resolveIncludes($bool);
-- $obj_context->outputs->resolveIncludesFile($file);
+- $obj_context->outputs->setWriteIncludeFailures($bool);
+- $obj_context->outputs->setIncludeFailuresFile($file);
When *$bool* set to *true* and *$file* set to *resolve_includes.json* for example
For each include not resolved an entry will be printed in the *$file* with the location of the include function (file, line, column):
```javascript
-{"includes_not_resolved":[["/home/dev/projects/tests/includes/simple5.php",11,11]]}
+{"include_failures":[["/home/dev/projects/tests/includes/simple5.php",11,11]]}
```
Next create a *resolved_includes.json* file with the good value for each include function call:
```javascript
diff --git a/docs/SPECIFY_ANALYSIS.md b/docs/SPECIFY_ANALYSIS.md
index ee2e5498..0e821caa 100644
--- a/docs/SPECIFY_ANALYSIS.md
+++ b/docs/SPECIFY_ANALYSIS.md
@@ -9,6 +9,7 @@ To specify the way vulnerabilities are detected, customize the sources, sinks, s
## Configure sources
- $obj_context->inputs->setSources($files_sources);
+- $obj_context->inputs->addSources($files_sources);
- $obj_context->inputs->getSources();
Where *$file_sources* is a json file (or an array of json files) like below:
@@ -32,6 +33,7 @@ Optional properties:
## Configure sanitizers
- $obj_context->inputs->setSanitizers($file_sanitizers);
+- $obj_context->inputs->addSanitizers($file_sanitizers);
- $obj_context->inputs->getSanitizers();
Where *$file_sanitizers* is a json file (or an array of json files) like below:
@@ -63,6 +65,7 @@ Optional properties:
## Configure sinks
- $obj_context->inputs->setSinks($file_sinks);
+- $obj_context->inputs->addSinks($file_sinks);
- $obj_context->inputs->getSinks();
Where *$file_sinks* is a json file (or an array of json files) like below:
@@ -88,6 +91,7 @@ Optional properties:
- [instanceof](#instanceof-property), [prevent](#prevent-property), [parameters](#parameters-property)
## Configure validators
+- $obj_context->inputs->addValidators($file_validators);
- $obj_context->inputs->setValidators($file_validators);
- $obj_context->inputs->getValidators();
diff --git a/docs/dev/STATES.md b/docs/dev/STATES.md
new file mode 100644
index 00000000..942d61a2
--- /dev/null
+++ b/docs/dev/STATES.md
@@ -0,0 +1,89 @@
+# definition states API
+
+Each definition has at least one state holding attributes like isTainted. The goal is to handle properties and array dataflow.
+
+For simple variable, the defaultState is enough, as dataflow is correctly performed by visitorDataFlow:
+```
+// block 1
+// foo defined in blockid 1 (defaultState = 1)
+// state 1 of foo tainted
+$foo = $_GET["p"];
+
+if(rand()) {
+ // block 2
+ // bar defined in blockid 2 (defaultState = 2)
+ // state 2 of foo bar (get value of foo->currentState()) tainted
+ $bar = $foo;
+}
+else {
+ // block 3
+ // bar defined in blockid 3 (defaultState = 3)
+ // state 3 of foo bar empty
+ $bar = null;
+}
+
+// block 4
+// bar search def:
+// * block2 $bar->getCurrentState()
+// * block3 $bar->getCurrentState()
+// merge states on block 4 of echo_arg0
+echo $bar;
+```
+
+For instances/properties variable, we need different states:
+```
+// block 1
+// instance defined in blockid 1 (defaultState = 1)
+$instance = new Object;
+
+if(rand()) {
+ // block 2
+ // instance defined in blockid 1 (defaultState = 1)
+ // state 2 of instance prop tainted
+ $instance->prop = $_GET["p"];
+ echo $instance->prop;
+}
+else {
+ // block 3
+ // instance defined in blockid 1 (defaultState = 1)
+ // state 3 of instance prop "null"
+ $instance->prop = "null";
+ echo $instance->prop;
+}
+
+// block 4
+// we launch dataflow analysis for properties
+// parent of 4 = block 2, 3
+// state 4 = merge(state 2,3)
+echo $instance->prop;
+```
+
+
+Chained calls:
+```
+// block 1
+// instance1 defined in blockid 1 (defaultState = 1)
+$instance1 = new Object1;
+
+/*
+function func1() {
+ // block 2
+ // instance2 defined in blockid 2 (defaultState = 2)
+ $instance2 = new Object2;
+ return $instance2;
+}
+
+function func2() {
+ // block 3
+ // instance3 defined in blockid 3 (defaultState = 3)
+ $instance3 = new Object3;
+ return $instance3;
+}
+
+function func3() {
+ echo $this->prop;
+}
+*/
+
+$instance1->func1()->func2()->func3();
+```
\ No newline at end of file
diff --git a/grumphp.yml b/grumphp.yml
index 65337c12..2809ba43 100644
--- a/grumphp.yml
+++ b/grumphp.yml
@@ -6,7 +6,3 @@ grumphp:
metadata:
priority: 300
ignore_patterns: ["*/projects/tests/*"]
-
- progpilot:
- config_file: progpilot.yml
- triggered_by: [php]
diff --git a/package/composer.json b/package/composer.json
index 8f2fa852..e976ee08 100644
--- a/package/composer.json
+++ b/package/composer.json
@@ -9,13 +9,13 @@
}
],
"require": {
- "php": "^7.0",
- "ircmaxell/php-cfg": "1.0.x-dev",
+ "php": ">=7.4",
+ "ircmaxell/php-cfg": "^0.6.0",
"symfony/yaml": ">=3.3.6",
"symfony/console": ">=3.3.5"
},
"require-dev": {
- "phpunit/phpunit": "^6.0"
+ "phpunit/phpunit": "^8.0 || ^9.0"
},
"autoload": {
"psr-0": {
diff --git a/package/src/progpilot/AbstractLayer/Analysis.php b/package/src/progpilot/AbstractLayer/Analysis.php
deleted file mode 100644
index 050ec967..00000000
--- a/package/src/progpilot/AbstractLayer/Analysis.php
+++ /dev/null
@@ -1,171 +0,0 @@
-getObjects()->getObjects() as $id => $objectClass) {
- $params = array($context, $id, $objectClass, $myClass);
- call_user_func_array(__NAMESPACE__ ."\\$func", $params);
- }
- }
-
- public static function forDefsInFunctions($context, $func, $myClass)
- {
- foreach ($context->getFunctions()->getFunctions() as $functionsBlocks) {
- foreach ($functionsBlocks as $functionBlock) {
- foreach ($functionBlock->getDefs()->getDefs() as $defsBlocks) {
- foreach ($defsBlocks as $defBlock) {
- $params = array($context, $defBlock, $myClass);
- call_user_func_array(__NAMESPACE__ ."\\$func", $params);
- }
- }
- }
- }
- }
-
- public static function checkIfFuncEqualMySpecify($context, $mySpecify, $myFunc, $stackClass = null)
- {
- $checkName = false;
- if ($myFunc->isType(MyFunction::TYPE_FUNC_METHOD)) {
- $properties = $myFunc->property->getProperties();
- if (is_array($properties) && isset($properties[count($properties) - 1])) {
- $lastproperty = $properties[count($properties) - 1];
- if ($lastproperty === $mySpecify->getName()) {
- $checkName = true;
- }
- }
- }
-
- $checkInstance = false;
- if (($mySpecify->getName() === $myFunc->getName()) || $checkName) {
- $checkName = true;
- $checkInstance = true;
-
- if ($mySpecify->isInstance() && !is_null($stackClass)) {
- if ($mySpecify->getLanguage() === "php") {
- $propertiesRule = explode("->", $mySpecify->getInstanceOfName());
- } elseif ($mySpecify->getLanguage() === "js") {
- $propertiesRule = explode(".", $mySpecify->getInstanceOfName());
- }
-
- if (is_array($propertiesRule)) {
- $i = 0;
- foreach ($propertiesRule as $propertyName) {
- // if(!isset($stackClass[$i])) && count() == 0 =>
- //$test = new ClassInconnu;
- //$test->db->call() (db has no known instance)
- $foundProperty = true;
-
- if (isset($stackClass[$i]) && count($stackClass[$i]) > 0) {
- $foundProperty = false;
- foreach ($stackClass[$i] as $propClass) {
- $objectId = $propClass->getObjectId();
- $myClass = $context->getObjects()->getMyClassFromObject($objectId);
-
- if (!is_null($myClass)
- && ($myClass->getName() === $propertyName
- || $myClass->getExtendsOf() === $propertyName)) {
- $foundProperty = true;
- break;
- }
- }
- }
-
- if (!$foundProperty) {
- $checkInstance = false;
- break;
- }
-
- $i ++;
- }
- }
- } elseif ($mySpecify->isInstance() && is_null($stackClass)) {
- $checkInstance = false;
- }
- }
-
- return $checkInstance & $checkName;
- }
-
- public static function checkIfDefEqualDefRule($context, $defs, $rule, $def, $stackClass = null)
- {
- $definition = $rule->getDefinition();
- $checkName = false;
- if ($def->isType(MyDefinition::TYPE_PROPERTY)) {
- $properties = $def->property->getProperties();
- if (is_array($properties) && isset($properties[count($properties) - 1])) {
- $lastproperty = $properties[count($properties) - 1];
- if ($lastproperty === $definition->getName()) {
- $checkName = true;
- }
- }
- }
-
- $checkInstance = false;
- if (!is_null($definition) && ($definition->getName() === $def->getName()) || $checkName) {
- $checkName = true;
- $checkInstance = true;
-
- if (is_null($stackClass) && !is_null($defs)) {
- $stackClass = ResolveDefs::propertyClass($context, $defs, $def);
- }
-
- if ($definition->isInstance() && !is_null($stackClass)) {
- if ($definition->getLanguage() === "php") {
- $propertiesRule = explode("->", $definition->getInstanceOfName());
- } elseif ($definition->getLanguage() === "js") {
- $propertiesRule = explode(".", $definition->getInstanceOfName());
- }
-
- if (is_array($propertiesRule)) {
- $i = 0;
- foreach ($propertiesRule as $propertyName) {
- // if(!isset($stackClass[$i])) && count() == 0 =>
- //$test = new ClassInconnu;
- //$test->db->call() (db has no known instance)
- $foundProperty = true;
-
- if (isset($stackClass[$i]) && count($stackClass[$i]) > 0) {
- $foundProperty = false;
- foreach ($stackClass[$i] as $propClass) {
- $objectId = $propClass->getObjectId();
- $myClass = $context->getObjects()->getMyClassFromObject($objectId);
-
- if (!is_null($myClass)
- && ($myClass->getName() === $propertyName
- || $myClass->getExtendsOf() === $propertyName)) {
- $foundProperty = true;
- break;
- }
- }
- }
-
- if (!$foundProperty) {
- $checkInstance = false;
- break;
- }
-
- $i ++;
- }
- }
- }
- }
-
- return $checkInstance & $checkName;
- }
-}
diff --git a/package/src/progpilot/AbstractLayer/Callbacks.php b/package/src/progpilot/AbstractLayer/Callbacks.php
deleted file mode 100644
index a1ee1305..00000000
--- a/package/src/progpilot/AbstractLayer/Callbacks.php
+++ /dev/null
@@ -1,29 +0,0 @@
-getName() === $newMyclass->getName()) {
- $context->getObjects()->addMyclassToObject($idObject, $newMyclass);
- }
- }
-
- public static function modifyMyclassOfObjectFromDef($context, $def, $myClass)
- {
- if ($def->getClassName() === $myClass->getName()) {
- $idObject = $def->getObjectId();
- $context->getObjects()->addMyclassToObject($idObject, $myClass);
- }
- }
-}
diff --git a/package/src/progpilot/Analysis/ArrayAnalysis.php b/package/src/progpilot/Analysis/ArrayAnalysis.php
deleted file mode 100644
index 25955544..00000000
--- a/package/src/progpilot/Analysis/ArrayAnalysis.php
+++ /dev/null
@@ -1,146 +0,0 @@
-isType(MyDefinition::TYPE_COPY_ARRAY)
- && ($searchedDef->isType(MyDefinition::TYPE_ARRAY) || $isIterator))) {
- foreach ($def->getCopyArrays() as $defCopyArray) {
- $myDef_arr = $defCopyArray[0];
- $myDef_tmp = $defCopyArray[1];
-
- if (($myDef_arr === $searchedDef->getArrayValue()) || $isIterator) {
- $goodDefs[] = $myDef_tmp;
- }
- }
- } elseif ($searchedDef->isType(MyDefinition::TYPE_ARRAY)) {
- // I'm looking for def[arr], I want to find def[arr], but I can have def (must be eliminated)
- if (($def->isType(MyDefinition::TYPE_ARRAY)
- && ($searchedDef->getArrayValue() === $def->getArrayValue()) || $isIterator)
- || $def->getArrayValue() === "PROGPILOT_ALL_INDEX_TAINTED") {
- if ($def->getArrayValue() === "PROGPILOT_ALL_INDEX_TAINTED") {
- $searchedDef->setTainted(true);
- //TaintAnalysis::setTainted($context, $data, $searchedDef, $def, $def->getExpr(), false);
-
- if (ResolveDefs::getVisibilityFromInstances($context, $data, $def)) {
- ValueAnalysis::copyValues($searchedDef, $def);
- TaintAnalysis::setTainted($searchedDef, $def, $def->getExpr());
- }
-
- $goodDefs[] = $searchedDef;
- } else {
- $goodDefs[] = $def;
- }
- }
- } elseif (!$searchedDef->isType(MyDefinition::TYPE_ARRAY)) {
- // I'm looking for def, I want to find def, but I can have def[arr] (must be eliminated)
- if (!$def->isType(MyDefinition::TYPE_ARRAY) || $isIterator) {
- $goodDefs[] = $def;
- }
- }
-
- return $goodDefs;
- }
-
- public static function copyArray($context, $data, $originalTab, $originalArr, $copyTab, $copyArr)
- {
- if (!is_null($originalTab) && !is_null($copyTab)) {
- if ($originalTab->isType(MyDefinition::TYPE_PROPERTY)) {
- $defs = ResolveDefs::selectProperties(
- $context,
- $data,
- $originalTab,
- true
- );
- } else {
- $defs = ResolveDefs::selectDefinitions(
- $context,
- $data,
- $originalTab,
- true
- );
- }
-
- foreach ($defs as $defa) {
- ArrayAnalysis::copyArrayFromDef($defa, $originalArr, $copyTab, $copyArr);
- }
- }
- }
-
- public static function copyArrayFromDef($originalTab, $originalArr, $copyTab, $copyArr)
- {
- if ($originalTab->isType(MyDefinition::TYPE_COPY_ARRAY)) {
- $copyArrays = $originalTab->getCopyArrays();
-
- foreach ($copyArrays as $value) {
- $arrValue = $value[0];
- $defArr = $value[1];
-
- $extract = BuildArrays::extractArrayFromArr($arrValue, $originalArr);
- if ($extract !== false) {
- $extractBis = BuildArrays::buildArrayFromArr($copyArr, $extract);
-
- $copyTab->addCopyArray($extractBis, $defArr);
- $copyTab->addType(MyDefinition::TYPE_COPY_ARRAY);
- if ($copyTab->isType(MyDefinition::TYPE_ARRAY)) {
- $copyTab->removeType(MyDefinition::TYPE_ARRAY);
- }
- $copyTab->setArrayValue(false);
-
- unset($defArr);
- }
- }
- } elseif ($originalTab->getArrayValue() !== "PROGPILOT_ALL_INDEX_TAINTED") {
- $extract = BuildArrays::extractArrayFromArr($originalTab->getArrayValue(), $originalArr);
-
- // si on cherchait $copy = $array[11] ici il y a des arrays de type $array[11][quelquechose]
- // ou deuxieme cas
- // si on cherchait $copy = $arrays ici il y a des arrays de type $arrays[quelquechose]
- if ($extract !== false) {
- // si on a $copy[11] = $array[12] on veut $copy[11][12]
- if ($copyArr !== false) {
- $extract = BuildArrays::buildArrayFromArr($copyArr, $extract);
- }
-
- $copyTab->addCopyArray($extract, $originalTab);
- $copyTab->addType(MyDefinition::TYPE_COPY_ARRAY);
-
- if ($copyTab->isType(MyDefinition::TYPE_ARRAY)) {
- $copyTab->removeType(MyDefinition::TYPE_ARRAY);
- }
-
- $copyTab->setArrayValue(false);
- }
- }
- }
-}
diff --git a/package/src/progpilot/Analysis/AssertionAnalysis.php b/package/src/progpilot/Analysis/AssertionAnalysis.php
index 10e49e87..8b2ea624 100644
--- a/package/src/progpilot/Analysis/AssertionAnalysis.php
+++ b/package/src/progpilot/Analysis/AssertionAnalysis.php
@@ -14,7 +14,7 @@
class AssertionAnalysis
{
- public static function temporarySimple($context, $data, $myBlock, $resolveTemporary, $tempDef)
+ public static function checkDefIsAssert($myBlock, $def)
{
$assertions = $myBlock->getAssertions();
@@ -26,34 +26,16 @@ public static function temporarySimple($context, $data, $myBlock, $resolveTempor
$myDefAssertion = $assertion->getDef();
$typeAssertion = $assertion->getType();
- // there was not resolution so we simply check name (or better equality values)
- if ($resolveTemporary === $tempDef) {
- if ($myDefAssertion->getName() === $tempDef->getName()) {
- $tempDef->setTainted(false);
- }
-
- $equality = true;
- }
-
- if ($myDefAssertion === $resolveTemporary) {
- if ($myDefAssertion->getName() === $tempDef->getName()) {
- $tempDef->setTainted(false);
- }
-
+ if ($myDefAssertion->getName() === $def->getName()) {
$equality = true;
break;
}
}
-
if ($equality && $typeAssertion !== "string") {
$safe = true;
}
- if ($resolveTemporary->getCast() === MyDefinition::CAST_SAFE) {
- $safe = true;
- }
-
return $safe;
}
}
diff --git a/package/src/progpilot/Analysis/CustomAnalysis.php b/package/src/progpilot/Analysis/CustomAnalysis.php
index c9e34f4c..3887f94b 100644
--- a/package/src/progpilot/Analysis/CustomAnalysis.php
+++ b/package/src/progpilot/Analysis/CustomAnalysis.php
@@ -18,7 +18,7 @@
use progpilot\Objects\MyClass;
use progpilot\Code\MyInstruction;
use progpilot\Utils;
-use progpilot\AbstractLayer\Analysis as AbstractAnalysis;
+use progpilot\Helpers\Analysis as HelpersAnalysis;
class CustomAnalysis
{
@@ -28,7 +28,7 @@ public static function disclosureOfInformation($context, $defs, $defassign)
foreach ($customRules as $customRule) {
if ($customRule->getType() === MyCustomRule::TYPE_VARIABLE
&& $customRule->getAction() === "ASSIGNMENT_DISCLOSE_HIGH_VALUE") {
- $result = AbstractAnalysis::checkIfDefEqualDefRule($context, $defs, $customRule, $defassign);
+ $result = HelpersAnalysis::checkIfDefEqualDefRule($context, $defs, $customRule, $defassign);
if ($result) {
$hashedValue = $defassign->getLine();
@@ -54,29 +54,28 @@ public static function disclosureOfInformation($context, $defs, $defassign)
return null;
}
- public static function defineObject($context, $myFuncorDef, $stackClass)
+ public static function defineObject($context, $instruction, $myFuncorDef, $myClassFound, $virtualReturnDef)
{
$customRules = $context->inputs->getCustomRules();
foreach ($customRules as $customRule) {
if ($customRule->getType() === MyCustomRule::TYPE_VARIABLE
&& $customRule->getAction() === "DEFINE_OBJECT"
&& !is_null($customRule->getExtra())) {
- $result = AbstractAnalysis::checkIfDefEqualDefRule(
+ $result = HelpersAnalysis::checkIfDefEqualDefRule(
$context,
null,
$customRule,
$myFuncorDef,
- $stackClass
+ $myClassFound
);
-
+
if ($result) {
- $myClassNew = new MyClass(
- $myFuncorDef->getLine(),
- $myFuncorDef->getColumn(),
- $customRule->getExtra()
+ return CustomAnalysis::returnObjectCreateObject(
+ $context,
+ $customRule,
+ $myFuncorDef,
+ $virtualReturnDef
);
-
- return $myClassNew;
}
}
}
@@ -84,63 +83,56 @@ public static function defineObject($context, $myFuncorDef, $stackClass)
return null;
}
- public static function returnObjectCreateObject($context, $myExpr, $customRule, $myFuncorDef)
+ public static function returnObjectCreateObject($context, $customRule, $myFuncorDef, $virtualReturnDef)
{
- $defAssign = $myExpr->getAssignDef();
-
- $objectId = $context->getObjects()->addObject();
-
- $defAssign->addType(MyDefinition::TYPE_INSTANCE);
- $defAssign->setObjectId($objectId);
-
- $myClass = $context->getClasses()->getMyClass($customRule->getExtra());
-
- if (is_null($myClass)) {
- $myClass = new MyClass(
- $defAssign->getLine(),
- $defAssign->getColumn(),
- $customRule->getExtra()
- );
+ $myFakeInstance = null;
+
+ // $this->foo->bar (we want to define an object on bar)
+ if ($myFuncorDef->isType(MyDefinition::TYPE_PROPERTY)) {
+ $myFakeInstance = $myFuncorDef;
+ $myFakeInstance->addType(MyDefinition::TYPE_INSTANCE);
+ $myFakeInstance->setClassName($customRule->getExtra());
+ } elseif (!is_null($virtualReturnDef)) {
+ $myFakeInstance = $virtualReturnDef;
+ $myFakeInstance->addType(MyDefinition::TYPE_INSTANCE);
+ $myFakeInstance->setClassName($customRule->getExtra());
}
- $context->getObjects()->addMyclassToObject($objectId, $myClass);
-
- $myBackDef = $myFuncorDef->getBackDef();
- if (!is_null($myBackDef)) {
- $objectId = $myBackDef->getObjectId();
- $context->getObjects()->addMyclassToObject($objectId, $myClass);
+ if (!is_null($myFakeInstance)) {
+ HelpersAnalysis::createObject($context, $myFakeInstance);
+ return $myFakeInstance;
}
}
- public static function returnObject($context, $myFuncorDef, $stackClass, $myExpr)
+ public static function returnObject($context, $myFuncorDef, $myClass, $instruction, $virtualReturnDef)
{
- if (!is_null($myExpr) && $myExpr->isAssign()) {
- $customRules = $context->inputs->getCustomRules();
- foreach ($customRules as $customRule) {
- if ($customRule->getType() === MyCustomRule::TYPE_FUNCTION
+ $customRules = $context->inputs->getCustomRules();
+ foreach ($customRules as $customRule) {
+ if ($customRule->getType() === MyCustomRule::TYPE_FUNCTION
&& $customRule->getAction() === "DEFINE_OBJECT"
&& !is_null($customRule->getExtra())) {
- $result = AbstractAnalysis::checkIfDefEqualDefRule(
+ $result = HelpersAnalysis::checkIfDefEqualDefRule(
+ $context,
+ null,
+ $customRule,
+ $myFuncorDef,
+ $myClass
+ );
+ if ($result) {
+ return CustomAnalysis::returnObjectCreateObject(
$context,
- null,
$customRule,
$myFuncorDef,
- $stackClass
+ $virtualReturnDef
);
- if ($result) {
- CustomAnalysis::returnObjectCreateObject(
- $context,
- $myExpr,
- $customRule,
- $myFuncorDef
- );
- }
}
}
}
+
+ return null;
}
- public static function mustVerifyDefinition($context, $instruction, $myFunc, $stackClass = null)
+ public static function mustVerifyDefinition($context, $instruction, $myFunc, $myClass = null)
{
$customRules = $context->inputs->getCustomRules();
foreach ($customRules as $customRule) {
@@ -149,32 +141,33 @@ public static function mustVerifyDefinition($context, $instruction, $myFunc, $st
|| $customRule->getAction() === "MUST_NOT_VERIFY_DEFINITION")) {
$functionDefinition = $customRule->getDefinition();
- $result = AbstractAnalysis::checkIfFuncEqualMySpecify(
- $context,
- $functionDefinition,
- $myFunc,
- $stackClass
- );
-
if (!is_null($functionDefinition)) {
+ $result = HelpersAnalysis::checkIfFuncEqualMySpecify(
+ $context,
+ $functionDefinition,
+ $myFunc,
+ $myClass
+ );
if ($result) {
- $params = $functionDefinition->getParameters();
-
- if($myFunc->getNbParams() < $functionDefinition->getMinNbArgs()
+ if ($myFunc->getNbParams() < $functionDefinition->getMinNbArgs()
|| $myFunc->getNbParams() > $functionDefinition->getMaxNbArgs()) {
$isValid = true;
- }
- else {
+ } else {
$isValid = false;
$params = $functionDefinition->getParameters();
+
+ // if one parameter is not valid all the rule is not valid
foreach ($params as $param) {
$isValid = false;
$idParam = $param[0] - 1;
$valuesParameter = $param[1];
- $validbydefault = $customRule->getAction() === "MUST_NOT_VERIFY_DEFINITION" ? !$param[2] : $param[2];
+ $validbydefault = $param[2];
$isParameterFixed = $param[3];
-
+ $isParameterSufficient = $param[4];
+ $isParameterFailIfNotVerifed = $param[5];
+ $isParameterNotEquals = $param[6];
+
if (!is_null($valuesParameter)) {
if (!$instruction->isPropertyExist("argdef$idParam")) {
$isValid = $validbydefault;
@@ -189,52 +182,98 @@ public static function mustVerifyDefinition($context, $instruction, $myFunc, $st
if (isset($valueParameter->is_array)
&& $valueParameter->is_array === true
&& isset($valueParameter->array_index)) {
-
$arrayfound = false;
- if ($defArg->isType(MyDefinition::TYPE_COPY_ARRAY)) {
- $copyArrays = $defArg->getCopyArrays();
- foreach ($copyArrays as $copyArray) {
- foreach ($copyArray[0] as $copyIndex => $copyValue) {
- if ($copyIndex === $valueParameter->array_index) {
- $defLastKnownValues = $copyArray[1]->getLastKnownValues();
- $arrayfound = true;
-
- break 2;
- }
+
+ if ($defArg->getCurrentState()->isType(MyDefinition::TYPE_ARRAY)) {
+ foreach ($defArg->getCurrentState()->getArrayIndexes() as $arrayIndex) {
+ if ($arrayIndex->index === $valueParameter->array_index) {
+ $defLastKnownValues =
+ $arrayIndex->def->getCurrentState()->getLastKnownValues();
+ $arrayfound = true;
+
+ break;
}
}
}
if (!$arrayfound) {
$isValid = $validbydefault;
- break;
+ break 2;
}
} else {
- $defLastKnownValues = $defArg->getLastKnownValues();
+ $defLastKnownValues = $defArg->getCurrentState()->getLastKnownValues();
}
if (count($defLastKnownValues) === 0) {
$isValid = false;
}
-
+
+ // we check all the values of a param
+ $validForAllValues = false;
foreach ($defLastKnownValues as $lastKnownValue) {
- if ($valueParameter->value === $lastKnownValue) {
- $isValid = true;
- break 2;
+ // if it's valid we continue
+ if (($valueParameter->value === $lastKnownValue
+ && !$isParameterNotEquals)
+ || ($valueParameter->value !== $lastKnownValue
+ && $isParameterNotEquals)) {
+ $validForAllValues = true;
+ } else {
+ // it's not valid we can break
+ $validForAllValues = false;
+
+ // we just need to found one parameter that is equals
+ if ($isParameterNotEquals) {
+ break 2;
+ } else {
+ break;
+ }
}
}
+
+ $isValid = $validForAllValues;
+ // we found a value of the param valid, we don't need to continue on
+ // other possible values of the rule
+ if ($isValid) {
+ break;
+ }
+ }
+
+ // for must_verify definition
+ // * if one parameter is valid (respect conditions):
+ // * it can be enough (if sufficient) to valid the rule (no issue)
+ // * if one parameter is not valid:
+ // * the rule is not valid except if raise_if_not_verified set to false
+ // * the rule is valid if fixed (required) option is set
+
+ // for must_not_verify definition
+ // * if one parameter is valid (respect conditions):
+ // * the rule is not valid except if raise_if_not_verified set to false
+ // * the rule is vali except if fixed (required) option is set
+ // * if one parameter is not valid (doesn't respect conditions):
+ // * it can be enough (if sufficient) to valid the rule (no issue)
+
+ // one parameter is not valid and required
+ if (!$isValid
+ && $isParameterFixed) {
+ $isValid = true;
+ break;
}
- // one parameter is valid but MUST_NOT_VERIFY_DEFINITION
+
if ($customRule->getAction() === "MUST_NOT_VERIFY_DEFINITION") {
$isValid = !$isValid;
+ }
+
+ // one parameter is valid and enough
+ if ($isValid
+ && $isParameterSufficient) {
+ $isValid = true;
break;
}
-
- // one parameter is not valid and required
+
+ // one parameter is not valid but should not fail and continue with other params
if (!$isValid
- && $isParameterFixed) {
+ && !$isParameterFailIfNotVerifed) {
$isValid = true;
- break;
}
// one parameter is not valid
@@ -269,55 +308,61 @@ public static function mustVerifyDefinition($context, $instruction, $myFunc, $st
}
}
- public static function mustVerifyCallFlow($context)
+ public static function mustVerifyCallFlow($context, $callgraph)
{
- if ($context->getAnalyzeHardrules()) {
- $rulesVerifyCallFlow = [];
- $customRules = $context->inputs->getCustomRules();
- foreach ($customRules as $customRule) {
- if ($customRule->getType() === MyCustomRule::TYPE_SEQUENCE
+ $firstCustomFunctions = [];
+ $rulesVerifyCallFlow = [];
+ $customRules = $context->inputs->getCustomRules();
+ foreach ($customRules as $customRule) {
+ if ($customRule->getType() === MyCustomRule::TYPE_SEQUENCE
&& $customRule->getAction() === "MUST_VERIFY_CALL_FLOW") {
- $sequence = $customRule->getSequence();
+ $sequence = $customRule->getSequence();
- $customRule->setCurrentOrderNumber(0);
- $rulesVerifyCallFlow[] = $customRule;
+ $customRule->setCurrentOrderNumber(0);
+ $rulesVerifyCallFlow[] = $customRule;
+ if (is_array($sequence) && !empty($sequence)) {
+ $firstCustomFunctions[] = $sequence[0];
foreach ($sequence as $customFunction) {
$customFunction->setOrderNumberReal(-1);
}
}
}
+ }
- $function = $context->getFunctions()->getFunction("{main}");
- if (!is_null($function)) {
- $context->outputs->callgraph->addNode($function, null);
+ foreach ($firstCustomFunctions as $firstCustomFunction) {
+ $functions = $context->getFunctions()->getAllFunctions($firstCustomFunction->getName());
+ foreach ($functions as $function) {
+ if (!is_null($function)) {
+ $callgraph->addNode($function, null);
- foreach ($function->getBlocks() as $firstMyBlock) {
- $calls = $context->outputs->callgraph->getCalls($firstMyBlock);
- if (!is_null($calls)) {
- foreach ($calls as $call) {
- $context->outputs->callgraph->addEdge($function, null, $call[0], $call[1]);
+ foreach ($function->getBlocks() as $firstMyBlock) {
+ $calls = $callgraph->getCalls($firstMyBlock);
+ if (!is_null($calls)) {
+ foreach ($calls as $call) {
+ $callgraph->addEdge($function, null, $call[0], $call[1]);
+ }
}
- }
- break;
- }
-
- $NodeCG = new NodeCG(
- $function->getName(),
- $function->getLine(),
- $function->getColumn(),
- $function->getSourceMyFile()->getName(),
- null
- );
- $nodes = $context->outputs->callgraph->getNodes();
+ break;
+ }
- if (array_key_exists($NodeCG->getId(), $nodes)) {
- $depthFirstSearch = new DepthFirstSearch(
- $nodes,
- new DFSVisitor($context, $rulesVerifyCallFlow)
+ $NodeCG = new NodeCG(
+ $function->getName(),
+ $function->getLine(),
+ $function->getColumn(),
+ $function->getSourceMyFile()->getName(),
+ null
);
- $depthFirstSearch->init($nodes[$NodeCG->getId()]);
+ $nodes = $callgraph->getNodes();
+
+ if (array_key_exists($NodeCG->getId(), $nodes)) {
+ $depthFirstSearch = new DepthFirstSearch(
+ $nodes,
+ new DFSVisitor($context, $rulesVerifyCallFlow)
+ );
+ $depthFirstSearch->init($nodes[$NodeCG->getId()]);
+ }
}
}
}
diff --git a/package/src/progpilot/Analysis/FuncAnalysis.php b/package/src/progpilot/Analysis/FuncAnalysis.php
index ec1cc803..f947859e 100644
--- a/package/src/progpilot/Analysis/FuncAnalysis.php
+++ b/package/src/progpilot/Analysis/FuncAnalysis.php
@@ -10,64 +10,91 @@
namespace progpilot\Analysis;
+use progpilot\Objects\MyFunction;
use progpilot\Objects\MyDefinition;
use progpilot\Code\Opcodes;
use progpilot\Code\MyInstruction;
+use progpilot\Helpers\Analysis as HelpersAnalysis;
+
class FuncAnalysis
{
- public static function funccallAfter($context, $data, $myFuncCall, $myFunc, $arrFuncCall, $instruction, $opAfter)
- {
- $exprReturn = $instruction->getProperty(MyInstruction::EXPR);
-
- if (!is_null($myFunc)) {
- $defsReturn = $myFunc->getReturnDefs();
- foreach ($defsReturn as $defReturn) {
- if (($arrFuncCall !== false
- && $defReturn->isType(MyDefinition::TYPE_ARRAY)
- && $defReturn->getArrayValue() === $arrFuncCall)
- || ($arrFuncCall === false && !$defReturn->isType(MyDefinition::TYPE_ARRAY))) {
- $copyDefReturn = $defReturn;
-
- // copydefreturn = return $defReturn;
- $copyDefReturn->setExpr($exprReturn);
- $defReturn->setCast($myFuncCall->getCastReturn());
- // exprreturn = $def = exprreturn(funccall());
- $exprReturn->addDef($copyDefReturn);
-
- $expr = $copyDefReturn->getExpr();
- if ($expr->isAssign()) {
- $defAssign = $expr->getAssignDef();
- //TaintAnalysis::setTainted($copyDefReturn, $defAssign, $expr);
-
- if (ResolveDefs::getVisibilityFromInstances($context, $data, $defAssign)) {
- ValueAnalysis::copyValues($copyDefReturn, $defAssign);
- TaintAnalysis::setTainted($copyDefReturn->isTainted(), $defAssign, $expr);
- }
-
- ArrayAnalysis::copyArrayFromDef(
- $defReturn,
- $arrFuncCall,
- $defAssign,
- $defAssign->getArrayValue()
- );
- }
- }
- }
-
- if ($opAfter->getOpcode() === Opcodes::DEFINITION) {
- $copyTab = $opAfter->getProperty(MyInstruction::DEF);
+ public static function funccallAfter(
+ $myFunc,
+ $context,
+ $myClass,
+ $myFuncCall,
+ $instruction
+ ) {
+ $resultid = $instruction->getProperty(MyInstruction::RESULTID);
+ $opInformation = $context->getCurrentFunc()->getOpInformation($resultid);
+
+ $myFuncReturn = new MyDefinition(
+ $context->getCurrentBlock()->getId(),
+ $context->getCurrentMyFile(),
+ $myFuncCall->getLine(),
+ $myFuncCall->getColumn(),
+ $myFuncCall->getName()."_return"
+ );
+
+ $opInformation["chained_results"][] = $myFuncReturn;
+
+ \progpilot\Analysis\CustomAnalysis::defineObject(
+ $context,
+ $instruction,
+ $myFuncCall,
+ $myClass,
+ $myFuncReturn
+ );
+
+ \progpilot\Analysis\CustomAnalysis::returnObject(
+ $context,
+ $myFuncCall,
+ $myClass,
+ $instruction,
+ $myFuncReturn
+ );
+
+ $opInformationValid = TaintAnalysis::funccallValidator(
+ $context,
+ $myFunc,
+ $myClass,
+ $instruction
+ );
+
+ TaintAnalysis::funccallSanitizer(
+ $myFunc,
+ $context,
+ $myClass,
+ $instruction,
+ $myFuncReturn
+ );
+
+ TaintAnalysis::funccallSource($context, $myClass, $instruction, $myFuncReturn);
+
+ if (is_null($myFunc)) {
+ ResolveDefs::funccallReturnValues($myFuncCall, $instruction, $myFuncReturn);
+ }
+ SecurityAnalysis::funccall($context, $instruction, $myClass);
- $originalTabs = $myFunc->getReturnDefs();
+ if (!is_null($opInformationValid)) {
+ $opInformation["condition_defs"] = $opInformationValid["condition_defs"];
+ $opInformation["valid_when_returning"] = $opInformationValid["valid_when_returning"];
+ }
- foreach ($originalTabs as $originalTab) {
- ArrayAnalysis::copyArrayFromDef($originalTab, $arrFuncCall, $copyTab, $copyTab->getArrayValue());
+ // could be merged with funccallclass (new instance)
+ if (!is_null($myFunc)) {
+ if ($myFuncCall->getName() !== "__construct" && !empty($myFunc->getReturnDefs())) {
+ foreach ($myFunc->getReturnDefs() as $returnDef) {
+ $opInformation["chained_results"][] = $returnDef;
}
}
}
+
+ $context->getCurrentFunc()->storeOpInformation($resultid, $opInformation);
}
- public static function funccallBefore($context, $data, $myFunc, $myFuncCall, $instruction)
+ public static function funccallBefore($myFunc, $instruction)
{
$nbParams = 0;
$params = $myFunc->getParams();
@@ -75,42 +102,15 @@ public static function funccallBefore($context, $data, $myFunc, $myFuncCall, $in
foreach ($params as $param) {
if ($instruction->isPropertyExist("argdef$nbParams")) {
$defArg = $instruction->getProperty("argdef$nbParams");
- $exprArg = $instruction->getProperty("argexpr$nbParams");
-
- $newParam = clone $param;
- $myFuncCall->addParam($newParam);
-
- $newParam->setLastKnownValues($defArg->getLastKnownValues());
- ArrayAnalysis::copyArrayFromDef($defArg, $defArg->getArrayValue(), $newParam, false);
-
- $param->setCopyArrays($newParam->getCopyArrays());
- $param->setLastKnownValues($newParam->getLastKnownValues());
- $param->setType($newParam->getType());
- $expr = $param->getExpr();
-
- if ($defArg->isTainted()) {
- // useful just for inside the function
- TaintAnalysis::setTainted($defArg->isTainted(), $param, $exprArg);
-
- if (!is_null($expr) && $expr->isAssign()) {
- $defAssign = $expr->getAssignDef();
-
- if (ResolveDefs::getVisibilityFromInstances($context, $data, $defAssign)) {
- TaintAnalysis::setTainted($defArg->isTainted(), $defAssign, $expr);
- ValueAnalysis::copyValues($defArg, $defAssign);
- }
- }
- }
+ $param->setParamToArg($defArg);
+ $defArg->setArgToParam($param);
- // useful for copy all tainted array progpilot
- ValueAnalysis::copyValues($defArg, $param);
+ $state = $defArg->createState();
+ $defArg->assignStateToBlockId($state->getId(), $param->getBlockId());
$nbParams ++;
- unset($defArg);
}
}
-
- unset($params);
}
}
diff --git a/package/src/progpilot/Analysis/IncludeAnalysis.php b/package/src/progpilot/Analysis/IncludeAnalysis.php
index f166576b..8e3bd69a 100644
--- a/package/src/progpilot/Analysis/IncludeAnalysis.php
+++ b/package/src/progpilot/Analysis/IncludeAnalysis.php
@@ -22,16 +22,15 @@
use progpilot\Code\Opcodes;
use progpilot\Code\MyInstruction;
-use progpilot\AbstractLayer\Analysis as AbstractAnalysis;
+use progpilot\Helpers\Analysis as HelpersAnalysis;
+use progpilot\Helpers\State as HelpersState;
use progpilot\Utils;
+use function DeepCopy\deep_copy;
+
class IncludeAnalysis
{
- public function __construct()
- {
- }
-
public static function isCircularInclude($myFile)
{
$includedMyFile = $myFile->getIncludedFromMyfile();
@@ -46,10 +45,9 @@ public static function isCircularInclude($myFile)
return false;
}
- public static function funccall($context, $defs, $blocks, $instruction, $code, $index)
+ public static function funccall($context, $blocks, $defs, $instruction)
{
$funcName = $instruction->getProperty(MyInstruction::FUNCNAME);
- $arrFuncCall = $instruction->getProperty(MyInstruction::ARR);
$myFuncCall = $instruction->getProperty(MyInstruction::MYFUNC_CALL);
// require, require_once ... already handled in transform Expr/include_
@@ -60,32 +58,43 @@ public static function funccall($context, $defs, $blocks, $instruction, $code, $
$atLeastOneIncludeResolved = false;
$myDefArg = $instruction->getProperty("argdef0");
-
- if (count($myDefArg->getLastKnownValues()) !== 0) {
- foreach ($myDefArg->getLastKnownValues() as $lastKnownValue) {
+ if (count($myDefArg->getCurrentState()->getLastKnownValues()) !== 0) {
+ foreach ($myDefArg->getCurrentState()->getLastKnownValues() as $lastKnownValue) {
$realFile = false;
-
// else it's maybe a relative path
- $file = $context->getPath()."/".$lastKnownValue;
- $realFile = realpath($file);
+ if (strlen($lastKnownValue) > 0
+ && (substr($lastKnownValue, 0, 1) !== DIRECTORY_SEPARATOR
+ || preg_match("/^[a-bA-B]*:/", $lastKnownValue) === 0)) {
+ $file = $context->getPath().DIRECTORY_SEPARATOR.$lastKnownValue;
+ $realFile = realpath($file);
+ }
// if $lastKnownValue is a absolute path to the file :
// /home/dev/file.php
if (!$realFile) {
$realFile = realpath($lastKnownValue);
}
-
if (!$realFile) {
$continueInclude = false;
+ // check is the file is manually set by the developer with json
$myInclude = $context->inputs->getIncludeByLocation(
- $context->getCurrentLine(),
- $context->getCurrentColumn(),
+ $myFuncCall->getLine(),
+ $myFuncCall->getColumn(),
$myFuncCall->getSourceMyFile()->getName()
);
if (!is_null($myInclude)) {
- $nameIncludedFile = realpath($myInclude->getValue());
+ $manuallyIncludedFile = $myInclude->getValue();
+ if (strlen($manuallyIncludedFile) > 0
+ && (substr($manuallyIncludedFile, 0, 1) !== DIRECTORY_SEPARATOR
+ || preg_match("/^[a-bA-B]*:/", $manuallyIncludedFile) === 0)) {
+ $manuallyIncludedFile =
+ $context->getPath().DIRECTORY_SEPARATOR.$manuallyIncludedFile;
+ }
+
+ $nameIncludedFile = realpath($manuallyIncludedFile);
+
if ($nameIncludedFile) {
$continueInclude = true;
}
@@ -94,141 +103,226 @@ public static function funccall($context, $defs, $blocks, $instruction, $code, $
$continueInclude = true;
$nameIncludedFile = $realFile;
}
-
+
if ($continueInclude) {
$atLeastOneIncludeResolved = true;
- $arrayIncludes = $context->getArrayIncludes();
- $arrayRequires = $context->getArrayRequires();
-
- if ((!in_array($nameIncludedFile, $arrayIncludes, true) && $typeInclude === 2)
+ $arrayIncludes = &$context->getArrayIncludes();
+ $arrayRequires = &$context->getArrayRequires();
+
+ if (!$context->inputs->isExcludedFile($nameIncludedFile)
+ && ((!in_array($nameIncludedFile, $arrayIncludes, true) && $typeInclude === 2)
|| (!in_array($nameIncludedFile, $arrayRequires, true) && $typeInclude === 4)
- || ($typeInclude === 1 || $typeInclude === 3)) {
- $myFile = new MyFile(
+ || ($typeInclude === 1 || $typeInclude === 3))) {
+ $myFileIncluded = new MyFile(
$nameIncludedFile,
$myFuncCall->getLine(),
$myFuncCall->getColumn()
);
- $myFile->setIncludedFromMyfile($myFuncCall->getSourceMyFile());
- if (!IncludeAnalysis::isCircularInclude($myFile)) {
+ $myFileIncluded->setIncludedFromMyfile(clone $context->getCurrentMyFile());
+ if (!IncludeAnalysis::isCircularInclude($myFileIncluded)) {
+ // include once
if ($typeInclude === 2) {
$arrayIncludes[] = $nameIncludedFile;
}
+ // require once
if ($typeInclude === 4) {
$arrayRequires[] = $nameIncludedFile;
}
- $contextInclude = clone $context;
-
- $contextInclude->resetInternalValues();
-
- // not need to propagate files already included to the current analyzed file
- // because of clone context and reset values that don't
- // ie : $contextInclude->set_array_includes($arrayIncludes); ect
- $contextInclude->inputs->setFile($nameIncludedFile);
- $contextInclude->inputs->setCode(null);
- $contextInclude->setCurrentMyfile($myFile);
- //$contextInclude->setOutputs(new \progpilot\Outputs\MyOutputs);
- $contextInclude->outputs->resetRepresentations();
-
- $mainFunctionSave = $context->getFunctions()->getFunction("{main}");
- $saveMain = $contextInclude->getFunctions()->delFunction("{main}");
-
$analyzerInclude = new \progpilot\Analyzer;
- $analyzerInclude->runInternalPhp(
- $contextInclude,
- $defs->getOutMinusKill($myFuncCall->getBlockId())
+ $saveCurrentMyfile = $context->getCurrentMyfile();
+ $saveCurrentOp = $context->getCurrentOp();
+ $saveCurrentBlock = $context->getCurrentBlock();
+ $saveCurrentLine = $context->getCurrentLine();
+ $saveCurrentColumn = $context->getCurrentColumn();
+ $saveCurrentFunc = $context->getCurrentFunc();
+ $saveCurrentCode = $context->getCurrentMyCode();
+
+ $context->setCurrentMyfile($myFileIncluded);
+
+ // could be analyzed with namespaces pre-includes, better to check
+ if (!$context->isFileDataAnalyzed($nameIncludedFile)) {
+ $context->inputs->setFile($nameIncludedFile);
+ $analyzerInclude->computeDataFlow($context);
+
+ // the file is now data analyzed
+ $context->addDataAnalyzedFile($nameIncludedFile);
+
+ $currentFile = $myFuncCall->getSourceMyFile()->getName();
+ $context->inputs->setFile($currentFile);
+ $context->setPath(dirname($currentFile));
+ }
+
+ $fileNameHash = hash("sha256", $context->getCurrentMyfile()->getName());
+ $mainInclude = $context->getFunctions()->getFunction(
+ "{main}",
+ "function",
+ $fileNameHash
);
- if (count($contextInclude->outputs->currentIncludesFile) > 0) {
- foreach ($contextInclude->outputs->currentIncludesFile as $includeFile) {
- $context->currentIncludesFile[] = $includeFile;
+ // we include defs of the current file to the included file
+ $saveMyFile = [];
+ $defsIncluded = [];
+ if (!is_null($mainInclude)) {
+ foreach ($mainInclude->getLastBlockIds() as $lastBlockId) {
+ $lastMyBlockConstuctor =
+ $mainInclude->getBlockById($lastBlockId);
+ if (!is_null($context->getCurrentBlock())
+ && !is_null($lastMyBlockConstuctor)) {
+ $saveCurrentBlock->addVirtualParent($lastMyBlockConstuctor);
+ }
}
- }
-
- if (!is_null($contextInclude->outputs->getResults())) {
- foreach ($contextInclude->outputs->getResults() as $resultInclude) {
- $context->outputs->addResult($resultInclude);
+
+ // we change the source of defs nevermind the file is really analyzed or not
+ foreach ($mainInclude->getDefs()->getDefs() as $defOfMainArray) {
+ foreach ($defOfMainArray as $defOfMain) {
+ $defOfMain->setSourceMyFile($myFileIncluded);
+ }
}
- }
- $context->setCurrentNbDefs($contextInclude->getCurrentNbDefs());
+ // already visited from include or not?
+ if (!$mainInclude->isVisitedFromInclude()) {
+ $currentFileDefs = $defs->getOutMinusKill($myFuncCall->getBlockId());
+ if (!empty($currentFileDefs)) {
+ foreach ($currentFileDefs as $defToInclude) {
+ if ($defToInclude->getLine() < $myFuncCall->getLine()
+ || ($defToInclude->getLine() === $myFuncCall->getLine()
+ && $defToInclude->getColumn() < $myFuncCall->getColumn())) {
+ $saveMyFile[$defToInclude->getId()]
+ = $defToInclude->getSourceMyFile();
+ $defsIncluded[] = $defToInclude;
+
+ $tmp = clone $defToInclude->getSourceMyFile();
+ $tmp->setIncludedToMyfile($myFileIncluded);
+ $defToInclude->setSourceMyFile($tmp);
+
+ $mainInclude->getDefs()->addDef(
+ $defToInclude->getName(),
+ $defToInclude
+ );
+ $mainInclude->getDefs()->addGen(
+ $mainInclude->getFirstBlockId(),
+ $defToInclude
+ );
+ }
+ }
- $mainInclude = $contextInclude->getFunctions()->getFunction("{main}");
+ $mainInclude->getDefs()->computeKill($mainInclude->getFirstBlockId());
+ $mainInclude->getDefs()->reachingDefs($mainInclude->getBlocks());
+ }
+
+ // we analyze the main of the function again
+ // we can have tainted def included and vice-versa
+ $mainInclude->setIsVisited(false);
+ $mainInclude->setIsVisitedFromInclude(true);
+
+ $saveCallBacks = $context->getCallStack();
+ $context->resetCallStack();
+
+ $analyzerInclude->runFunctionAnalysis($context, $mainInclude, false);
+
+ $context->setCurrentOp($saveCurrentOp);
+ $context->setCurrentBlock($saveCurrentBlock);
+ $context->setCurrentLine($saveCurrentLine);
+ $context->setCurrentColumn($saveCurrentColumn);
+ $context->setCurrentFunc($saveCurrentFunc);
+ $context->setCurrentMyCode($saveCurrentCode);
+ $context->setCurrentMyfile($saveCurrentMyfile);
+
+ $context->setCallStack($saveCallBacks);
+
+ foreach ($defsIncluded as $defIncluded) {
+ if (!is_null($saveMyFile[$defIncluded->getId()])) {
+ $defIncluded->setSourceMyFile($saveMyFile[$defIncluded->getId()]);
+ }
+ }
- $defsOutputIncludedFinal = [];
- if (!is_null($mainInclude)) {
- FuncAnalysis::funccallAfter(
- $contextInclude,
- $defs->getOutMinusKill($myFuncCall->getBlockId()),
- $mainInclude,
- $mainInclude,
- $arrFuncCall,
- $instruction,
- $code[$index + 3]
- );
+ $resultid = $instruction->getProperty(MyInstruction::RESULTID);
+ $opInformation = $context->getCurrentFunc()->getOpInformation($resultid);
+ $opInformation["chained_results"] = $mainInclude->getReturnDefs();
+ $context->getCurrentFunc()->storeOpInformation($resultid, $opInformation);
+ }
+ // even if we don't visit again the function
+ // we are interested by the return def
+ // to include them in the file performing the include
+ // it's an approximation ...
+ $defsOutputIncludedFinal = [];
if (!is_null($mainInclude->getDefs())) {
- $defsMainReturn =
- $mainInclude->getDefs()->getDefRefByName("{main}_return");
-
- if (is_array($defsMainReturn)) {
- foreach ($defsMainReturn as $defMainReturn) {
- $defsOutputIncluded = $mainInclude->getDefs()->getOutMinusKill(
- $defMainReturn->getBlockId()
- );
- if (!is_null($defsOutputIncluded)) {
- foreach ($defsOutputIncluded as $defOutputIncluded) {
- if (!in_array(
- $defOutputIncluded,
- $defsOutputIncludedFinal,
- true
- )) {
- $defsOutputIncludedFinal[] = $defOutputIncluded;
- }
- }
+ $defsOutputIncluded = [];
+ foreach ($mainInclude->getLastBlockIds() as $lastBlockId) {
+ $defsOutputIncluded = array_merge(
+ $mainInclude->getDefs()->getOutMinusKill($lastBlockId),
+ $defsOutputIncluded
+ );
+ }
+
+ if (!is_null($defsOutputIncluded)) {
+ foreach ($defsOutputIncluded as $defOutputIncludedId) {
+ if (!in_array(
+ $defOutputIncludedId,
+ $defsOutputIncludedFinal,
+ true
+ ) && !in_array($defOutputIncludedId, $defsIncluded, true)) {
+ $defsOutputIncludedFinal[] = $defOutputIncludedId;
}
}
}
}
- }
- // for all class found, we resolve previous seen objects of this class
- $myClassesIncluded = $contextInclude->getClasses()->getListClasses();
- foreach ($myClassesIncluded as $myClassIncluded) {
- $funcCallBack = "Callbacks::modifyMyclassOfObject";
- AbstractAnalysis::forAllobjects($context, $funcCallBack, $myClassIncluded);
- }
+ // for all class found, we resolve previous seen objects of this class
+ $myClassesIncluded = $context->getClasses()->getListClasses();
+ foreach ($myClassesIncluded as $myClassIncluded) {
+ $funcCallBack = "Callbacks::modifyMyclassOfObject";
+ HelpersAnalysis::forAllobjects($context, $funcCallBack, $myClassIncluded);
+ }
- $newDefs = false;
- if (count($defsOutputIncludedFinal) > 0) {
- foreach ($defsOutputIncludedFinal as $defOutputIncludedFinal) {
- $ret1 = $defs->addDef(
- $defOutputIncludedFinal->getName(),
- $defOutputIncludedFinal
- );
- $ret2 = $defs->addGen(
- $myFuncCall->getBlockId(),
- $defOutputIncludedFinal
- );
+ $newDefs = false;
+ if (!empty($defsOutputIncludedFinal)) {
+ foreach ($defsOutputIncludedFinal as $defOutputIncludedFinal) {
+ $ret1 = $defs->addDef(
+ $defOutputIncludedFinal->getName(),
+ $defOutputIncludedFinal
+ );
+ $ret2 = $defs->addGen(
+ $myFuncCall->getBlockId(),
+ $defOutputIncludedFinal
+ );
+
+ $newDefs = true;
+ }
+ }
- $newDefs = true;
+ if ($newDefs) {
+ $defs->computeKill($myFuncCall->getBlockId());
+ $defs->reachingDefs($blocks);
+
+ $defsOutputIncluded = $defs->getOutMinusKill(
+ $myFuncCall->getBlockId()
+ );
}
- }
- if ($newDefs) {
- $defs->computeKill($context, $myFuncCall->getBlockId());
- $defs->reachingDefs($blocks);
+ HelpersState::blockSwitching($context, $context->getCurrentFunc());
}
+
+
+ $context->setCurrentOp($saveCurrentOp);
+ $context->setCurrentBlock($saveCurrentBlock);
+ $context->setCurrentLine($saveCurrentLine);
+ $context->setCurrentColumn($saveCurrentColumn);
+ $context->setCurrentFunc($saveCurrentFunc);
+ $context->setCurrentMyCode($saveCurrentCode);
+ $context->setCurrentMyfile($saveCurrentMyfile);
}
}
}
}
}
- if (!$atLeastOneIncludeResolved && $context->outputs->getResolveIncludes()) {
+ if (!$atLeastOneIncludeResolved && $context->outputs->getWriteIncludeFailures()) {
$myFileTemp = new MyFile(
$myFuncCall->getSourceMyFile()->getName(),
$myFuncCall->getLine(),
diff --git a/package/src/progpilot/Analysis/ResolveDefs.php b/package/src/progpilot/Analysis/ResolveDefs.php
index 113b2d45..d41a5b05 100644
--- a/package/src/progpilot/Analysis/ResolveDefs.php
+++ b/package/src/progpilot/Analysis/ResolveDefs.php
@@ -20,6 +20,7 @@
use progpilot\Code\Opcodes;
use progpilot\Code\MyInstruction;
+use progpilot\Objects\MyProperty;
use progpilot\Objects\MyClass;
use progpilot\Objects\MyOp;
use progpilot\Objects\MyInstance;
@@ -28,339 +29,90 @@
use progpilot\Dataflow\Definitions;
+use progpilot\Helpers\Analysis as HelpersAnalysis;
+
class ResolveDefs
{
- public static function funccallReturnValues($context, $myFuncCall, $instruction, $myCode, $index)
+ public static function funccallReturnValues($myFuncCall, $instruction, $virtualReturnDef)
{
if ($myFuncCall->getName() === "dirname") {
- $codes = $myCode->getCodes();
- if (isset($codes[$index + 2]) && $codes[$index + 2]->getOpcode() === Opcodes::END_ASSIGN) {
- $instructionDef = $codes[$index + 3];
- $myDefReturn = $instructionDef->getProperty(MyInstruction::DEF);
-
- if ($instruction->isPropertyExist("argdef0")) {
- $defarg = $instruction->getProperty("argdef0");
- foreach ($defarg->getLastKnownValues() as $knownValue) {
- $myDefReturn->addLastKnownValue(dirname($knownValue));
- }
+ if ($instruction->isPropertyExist("argdef0")) {
+ $defarg = $instruction->getProperty("argdef0");
+
+ foreach ($defarg->getCurrentState()->getLastKnownValues() as $knownValue) {
+ $virtualReturnDef->getCurrentState()->addLastKnownValue(dirname($knownValue));
}
}
}
}
- public static function propertyClass($context, $data, $mydef)
+ public static function funccallClass($context, $data, $myFuncCall, $instruction)
{
+ $varid = $instruction->getProperty(MyInstruction::VARID);
+ $resultid = $instruction->getProperty(MyInstruction::RESULTID);
+
$i = 0;
$classStackName = [];
- $currentFunc = $context->getCurrentFunc();
- if ($mydef->isType(MyDefinition::TYPE_PROPERTY)) {
- $properties = $mydef->property->getProperties();
- $tmpProperties = [];
-
- while (true) {
- $myDefTmp = new MyDefinition(
- $mydef->getLine(),
- $mydef->getColumn(),
- $mydef->getName()
- );
- $myDefTmp->setBlockId($mydef->getBlockId());
- $myDefTmp->setSourceMyFile($mydef->getSourceMyFile());
- $myDefTmp->property->setProperties($tmpProperties);
- $myDefTmp->addType(MyDefinition::TYPE_PROPERTY);
- $myDefTmp->setId($mydef->getId());
-
- $classStackName[$i] = [];
- if ($i === 0) {
- $instances = ResolveDefs::selectInstances(
- $context,
- $data->getOutMinusKill($mydef->getBlockId()),
- $myDefTmp
- );
- } else {
- $instances = ResolveDefs::selectProperties(
- $context,
- $data->getOutMinusKill($mydef->getBlockId()),
- $myDefTmp
- );
- }
-
- // if we have document.url but document hasn't been defined
- // we use the original name of the instance (document)
- if (count($instances) === 0) {
- $myClassNew = \progpilot\Analysis\CustomAnalysis::defineObject(
- $context,
- $mydef,
- $classStackName
- );
-
- if (!is_null($myClassNew)) {
- $mydef->addType(MyDefinition::TYPE_INSTANCE);
- $idObject = $context->getObjects()->addObject();
- $mydef->setObjectId($idObject);
- $context->getObjects()->addMyclassToObject($idObject, $myClassNew);
- }
-
- $classStackName[$i][] = $mydef;
- } else {
- foreach ($instances as $instance) {
- if ($instance->isType(MyDefinition::TYPE_INSTANCE)) {
- $objectId = $instance->getObjectId();
- $myClass = $context->getObjects()->getMyClassFromObject($objectId);
-
- if (!is_null($myClass) && isset($properties[$i])) {
- $property = $myClass->getProperty($properties[$i]);
-
- // if property doesn't exist by default it's a public property
- if (is_null($property) || (!is_null($property)
- && (ResolveDefs::getVisibility($myDefTmp, $property, $currentFunc)))) {
- $myClassNew = \progpilot\Analysis\CustomAnalysis::defineObject(
- $context,
- $myClass,
- $classStackName
- );
-
- if (!is_null($myClassNew)) {
- $idObject = $context->getObjects()->addObject();
- $instance->setObjectId($idObject);
- $context->getObjects()->addMyclassToObject($idObject, $myClassNew);
- }
-
- $classStackName[$i][] = $instance;
- }
- } else {
- $classStackName[$i][] = $instance;
- }
- }
- }
- }
-
- if (!isset($properties[$i])) {
- break;
- }
-
- $tmpProperties[] = $properties[$i];
-
- $i ++;
-
- if (!isset($properties[$i])) {
- break;
- }
- }
- }
+ if ($myFuncCall->getName() === "__construct") {
+ $myFakeInstance = new MyDefinition(
+ $context->getCurrentBlock()->getId(),
+ $context->getCurrentMyFile(),
+ $myFuncCall->getLine(),
+ $myFuncCall->getColumn(),
+ "return__construct"
+ );
+ $myFakeInstance->addType(MyDefinition::TYPE_INSTANCE);
+ $myFakeInstance->getCurrentState()->addType(MyDefinition::TYPE_INSTANCE);
+ $myFakeInstance->setClassName($myFuncCall->getInstanceClassName());
- return $classStackName;
- }
+ HelpersAnalysis::createObject($context, $myFakeInstance);
- public static function funccallClass($context, $data, $myFuncCall)
- {
- $i = 0;
- $classStackName = [];
+ $opInformation["chained_results"][] = $myFakeInstance;
+ $context->getCurrentFunc()->storeOpInformation($resultid, $opInformation);
- if ($myFuncCall->getName() === "__construct") {
- $classStackName[$i][] = $myFuncCall->getBackDef();
+ $classStackName[$i][] = $myFakeInstance->getCurrentState();
} elseif ($myFuncCall->isType(MyFunction::TYPE_FUNC_METHOD)) {
- $properties = $myFuncCall->getBackDef()->property->getProperties();
-
- $tmpProperties = [];
+ $myDefTmp = new MyDefinition(
+ $context->getCurrentBlock()->getId(),
+ $context->getCurrentFunc()->getSourceMyFile(),
+ $myFuncCall->getLine(),
+ $myFuncCall->getColumn(),
+ $myFuncCall->getNameInstance()
+ );
- while (true) {
- $propValue = [];
+ $myDefTmp->addType(MyDefinition::TYPE_PROPERTY);
+ // we don't want the backdef but the original instance
+
+ $classStackName[$i] = [];
+ $previousChainedResults = $context->getCurrentFunc()->getOpInformation($varid);
- $myDefTmp = new MyDefinition(
- $myFuncCall->getLine(),
- $myFuncCall->getColumn(),
- $myFuncCall->getNameInstance()
+ if (!is_null($previousChainedResults)
+ && isset($previousChainedResults["chained_results"])) {
+ $instances = $previousChainedResults["chained_results"];
+ } else {
+ $instances = ResolveDefs::selectDefinitions(
+ $context,
+ $data,
+ $myDefTmp
);
- $myDefTmp->setBlockId($myFuncCall->getBlockId());
- $myDefTmp->setSourceMyFile($myFuncCall->getSourceMyFile());
- $myDefTmp->property->setProperties($tmpProperties);
- $myDefTmp->addType(MyDefinition::TYPE_PROPERTY);
- $myDefTmp->setId($myFuncCall->getBackDef()->getId() - 1);
- // we don't want the backdef but the original instance
-
- $classStackName[$i] = [];
- if ($i === 0) {
- $instances = ResolveDefs::selectInstances(
- $context,
- $data,
- $myDefTmp
- );
- } else {
- $instances = ResolveDefs::selectProperties($context, $data, $myDefTmp);
- }
-
- foreach ($instances as $instance) {
- if ($instance->isType(MyDefinition::TYPE_INSTANCE)) {
- $classStackName[$i][] = $instance;
- }
- }
-
- if (!isset($properties[$i])) {
- break;
- }
-
- $tmpProperties[] = $properties[$i];
-
- $i ++;
}
- }
-
- return $classStackName;
- }
-
- public static function instanceBuildBack($context, $data, $myFunc, $myClass, $myFuncCall, $visibility)
- {
- if (!is_null($myFunc) && $myFunc->isType(MyFunction::TYPE_FUNC_METHOD)) {
- if ($myFuncCall->isType(MyFunction::TYPE_FUNC_METHOD)) {
- $myBackDef = $myFuncCall->getBackDef();
- //$myClass = $myFunc->getMyClass();
- $method = $myClass->getMethod($myFuncCall->getName());
- $newMyBackMyClass = $context->getObjects()->getMyClassFromObject($myBackDef->getObjectId());
-
- if (is_null($newMyBackMyClass)) {
- $newMyBackMyClass = new MyClass(
- $myClass->getLine(),
- $myClass->getColumn(),
- $myClass->getName()
- );
-
- $newMyBackMyClass->setExtendsOf($myClass->getExtendsOf());
- $context->getObjects()->addMyclassToObject($myBackDef->getObjectId(), $newMyBackMyClass);
- }
-
- $copyMyClass = clone $myClass;
-
- foreach ($copyMyClass->getProperties() as $property) {
- $myDef = new MyDefinition($myFunc->getLastLine() + 1, $myFunc->getLastColumn(), "this");
-
- $myDef->addType(MyDefinition::TYPE_PROPERTY);
- $myDef->property->setProperties($property->property->getProperties());
- $myDef->setBlockId($myFunc->getLastBlockId());
- $myDef->setSourceMyFile($myBackDef->getSourceMyFile());
-
- $newProperty = $newMyBackMyClass->getProperty($property->property->getProperties()[0]);
- if (is_null($newProperty)) {
- $newMyBackMyClass->addProperty($property);
- $newProperty = $property;
+ foreach ($instances as $instance) {
+ if ($instance->isType(MyDefinition::TYPE_PROPERTY)) {
+ $state = $instance->getState($context->getCurrentBlock()->getId());
+ if (!is_null($state) && $state->isType(MyDefinition::TYPE_INSTANCE)) {
+ $classStackName[$i][] = $state;
}
-
- $propertiesInside = ResolveDefs::selectProperties(
- $context,
- $myFunc->getDefs()->getOutMinusKill($myDef->getBlockId()),
- $myDef
- );
-
- foreach ($propertiesInside as $propertyInside) {
- ValueAnalysis::copyValues($propertyInside, $newProperty);
-
- TaintAnalysis::setTainted(
- $propertyInside->isTainted(),
- $newProperty,
- $propertyInside->getTaintedByExpr()
- );
-
- if ($propertyInside->isSanitized()) {
- $newProperty->setSanitized(true);
- foreach ($propertyInside->getTypeSanitized() as $typeSanitized) {
- $newProperty->addTypeSanitized($typeSanitized);
- }
- }
-
- if ($propertyInside->isType(MyDefinition::TYPE_INSTANCE)
- && !$newProperty->isType(MyDefinition::TYPE_INSTANCE)) {
- $newProperty->addType(MyDefinition::TYPE_INSTANCE);
- $newProperty->setObjectId($propertyInside->getObjectId());
- $newProperty->setClassName($propertyInside->getClassName());
-
- $myClass = $context->getObjects()->getMyClassFromObject($propertyInside->getObjectId());
- }
+ } else {
+ if ($instance->getCurrentState()->isType(MyDefinition::TYPE_INSTANCE)) {
+ $classStackName[$i][] = $instance->getCurrentState();
}
-
- $newProperty->setName($myBackDef->getName());
-
- ArrayAnalysis::copyArray(
- $context,
- $myFunc->getDefs()->getOutMinusKill($myDef->getBlockId()),
- $myDef,
- $myDef->getArrayValue(),
- $newProperty,
- $newProperty->getArrayValue()
- );
- }
-
- foreach ($copyMyClass->getMethods() as $method) {
- $newMethod = clone $method;
- $newMyBackMyClass->addMethod($newMethod);
}
}
- } elseif (is_null($myFunc)
- && $myFuncCall->isType(MyFunction::TYPE_FUNC_METHOD)
- && !is_null($myClass)
- && $visibility) {
- // query return object custom rule
- //$query = $this->db->query("YOUR QUERY");
-
- // backdef instance should be update with the correct object
- // $row = $query->result();
- $myBackDef = $myFuncCall->getBackDef();
- $myClassTmp = $context->getClasses()->getMyClass($myClass->getName());
-
- if (is_null($myClassTmp)) {
- $myClassTmp = new MyClass(
- $myClass->getLine(),
- $myClass->getColumn(),
- $myClass->getName()
- );
- }
-
- $context->getObjects()->addMyclassToObject($myBackDef->getObjectId(), $myClassTmp);
}
- }
-
- public static function instanceBuildThis($context, $data, $objectId, $myClass, $myFunc, $myFuncCall)
- {
- if (!is_null($myFunc) && $myFuncCall->isType(MyFunction::TYPE_FUNC_METHOD)) {
- //$copyMyClass = clone $myClass;
- //<= It was good ? clone for backdef and thisdef or only one of these two ?
- $copyMyClass = $myClass;
-
- foreach ($copyMyClass->getProperties() as $property) {
- $myDef = new MyDefinition(
- $myFuncCall->getLine(),
- $myFuncCall->getColumn(),
- $myFuncCall->getNameInstance()
- );
- $myDef->addType(MyDefinition::TYPE_PROPERTY);
- $myDef->property->setProperties($property->property->getProperties());
- $myDef->setBlockId($myFuncCall->getBlockId());
- $myDef->setSourceMyFile($myFuncCall->getSourceMyFile());
- $myDef->setId($myFuncCall->getId());
-
- $defsFound = ResolveDefs::selectProperties($context, $data, $myDef, true);
- foreach ($defsFound as $defFound) {
- if ($defFound->isType(MyDefinition::TYPE_COPY_ARRAY)) {
- $property->setCopyArrays($defFound->getCopyArrays());
- $property->addType(MyDefinition::TYPE_COPY_ARRAY);
- }
-
- ValueAnalysis::copyValues($defFound, $property);
- TaintAnalysis::setTainted($defFound->isTainted(), $property, $defFound->getTaintedByExpr());
-
- if ($defFound->isSanitized()) {
- $property->setSanitized(true);
- foreach ($defFound->getTypeSanitized() as $typeSanitized) {
- $property->addTypeSanitized($typeSanitized);
- }
- }
- }
-
- $property->setName("this");
- }
- $context->getObjects()->addMyclassToObject($objectId, $copyMyClass);
- }
+ return $classStackName;
}
// def1 and def2 defined in different files
@@ -368,78 +120,125 @@ public static function instanceBuildThis($context, $data, $objectId, $myClass, $
public static function isNearestIncludes($def1, $def2)
{
$def1IncludedByDef2 = false;
+ $def1IncludedToDef2 = false;
+
+ /*
+ file1.php
+ echo $def1; <= def1 (file1.php from file2.php)
- $myFile = $def1->getSourceMyFile();
- while (!is_null($myFile)) {
- $myFileFrom = $myFile->getIncludedFromMyfile();
+ file2.php
+ $def1 <= def2 (file2.php to file2.php)
+ include("file1.php")
+ */
+
+ $myFilef = $def1->getSourceMyFile();
+ while (!is_null($myFilef)) {
+ $myFileFrom = $myFilef->getIncludedFromMyfile();
if (!is_null($myFileFrom) && ($myFileFrom->getName() === $def2->getSourceMyFile()->getName())) {
$def1IncludedByDef2 = true;
break;
}
- $myFile = $myFileFrom;
+ $myFilef = $myFileFrom;
+ }
+
+ $myFilet = $def1->getSourceMyFile();
+ while (!is_null($myFilet)) {
+ $myFileTo = $myFilet->getIncludedToMyfile();
+ if (!is_null($myFileTo) && ($myFileTo->getName() === $def2->getSourceMyFile()->getName())) {
+ $def1IncludedToDef2 = true;
+ break;
+ }
+
+ $myFilet = $myFileTo;
}
- if (!$def1IncludedByDef2) {
+ /* same thing but for def2 */
+ if (!$def1IncludedToDef2 && !$def1IncludedByDef2) {
$def2IncludedByDef1 = false;
- $myFile = $def2->getSourceMyFile();
- while (!is_null($myFile)) {
- $myFileFrom = $myFile->getIncludedFromMyfile();
+ $def2IncludedToDef1 = false;
+
+ $myFilef = $def2->getSourceMyFile();
+ while (!is_null($myFilef)) {
+ $myFileFrom = $myFilef->getIncludedFromMyfile();
if (!is_null($myFileFrom) && ($myFileFrom->getName() === $def1->getSourceMyFile()->getName())) {
$def2IncludedByDef1 = true;
break;
}
- $myFile = $myFileFrom;
+ $myFilef = $myFileFrom;
}
- }
- // the two defs are defined in different included file
- if (!$def1IncludedByDef2 && !$def2IncludedByDef1) {
- $myFileDef1 = $def1->getSourceMyFile();
- while (!is_null($myFileDef1)) {
- $myFileDef2 = $def2->getSourceMyFile();
- while (!is_null($myFileDef2)) {
- // we found the file from where the include chain start
- if ($myFileDef1->getName() === $myFileDef2->getName()) {
- // if the file of def1 is included later so def1 is deeper
- if (($myFileDef1->getLine() > $myFileDef2->getLine())
- || ($myFileDef1->getLine() === $myFileDef2->getLine()
- && $myFileDef1->getColumn() >= $myFileDef2->getColumn())) {
- return true;
- } else {
- return false;
- }
- }
-
- $myFileDef2 = $myFileDef2->getIncludedFromMyfile();
+ $myFilet = $def2->getSourceMyFile();
+ while (!is_null($myFilet)) {
+ $myFileTo = $myFilet->getIncludedToMyfile();
+ if (!is_null($myFileTo) && ($myFileTo->getName() === $def1->getSourceMyFile()->getName())) {
+ $def2IncludedToDef1 = true;
+ break;
}
- $myFileDef1 = $myFileDef1->getIncludedFromMyfile();
+ $myFilet = $myFileTo;
}
}
// def1 is included by file from def2
// but def2 defined before or after the include ?
+
+ /*
+ file1.php
+ echo $def1; <= def1 (file1.php from file2.php)
+
+ file2.php
+ $def1 <= def2 (file2.php to file2.php)
+ include("file1.php")
+ */
if ($def1IncludedByDef2) {
- // def2 defined after the include so def2 is deeper
- if (($def2->getLine() > $myFile->getLine())
- || ($def2->getLine() === $myFile->getLine()
- && $def2->getColumn() >= $myFile->getColumn())) {
+ // def2 defined after the include
+ if (($def2->getLine() > $myFilef->getLine())
+ || ($def2->getLine() === $myFilef->getLine()
+ && $def2->getColumn() >= $myFilef->getColumn())) {
return false;
}
return true;
}
+ if ($def1IncludedToDef2) {
+ // def2 defined before the include
+ if (($def1->getLine() > $myFilet->getLine())
+ || ($def1->getLine() === $myFilet->getLine()
+ && $def1->getColumn() >= $myFilet->getColumn())) {
+ return false;
+ }
+
+ return true;
+ }
+
+ /*
+ file1.php
+ $def1
+
+ file2.php
+ echo $def1 (def2) <= def1 (file1.php from file2.php)
+ include("file1.php")
+ */
// def2 is included by file from def1
// but def1 defined before or after the include ?
if ($def2IncludedByDef1) {
- // def1 defined after the include so def1 is deeper
+ // def1 defined after the include
+ if (($def1->getLine() > $myFilef->getLine())
+ || ($def1->getLine() === $myFilef->getLine()
+ && $def1->getColumn() >= $myFilef->getColumn())) {
+ return true;
+ }
- if (($def1->getLine() > $myFile->getLine())
- || ($def1->getLine() === $myFile->getLine()
- && $def1->getColumn() >= $myFile->getColumn())) {
+ return false;
+ }
+ if ($def2IncludedToDef1) {
+ // def1 defined before the include
+ if (($def2->getLine() > $myFilet->getLine())
+ || ($def2->getLine() === $myFilet->getLine()
+ && $def2->getColumn() >= $myFilet->getColumn())) {
return true;
}
@@ -493,21 +292,17 @@ public static function getVisibilityMethod($defName, $method)
public static function getVisibility($def, $property, $currentFunc)
{
if (!is_null($def)
- && $def->isType(MyDefinition::TYPE_PROPERTY)
- && $def->getName() === "this") {
+ && $def->getName() === "this") {
return true;
}
if (!is_null($def) && !is_null($currentFunc) && !is_null($currentFunc->getMyClass())
- && $def->isType(MyDefinition::TYPE_STATIC_PROPERTY)
&& $def->getName() === $currentFunc->getMyClass()->getName()) {
return true;
}
if (!is_null($property)
- && ($property->isType(MyDefinition::TYPE_PROPERTY)
- || $property->isType(MyDefinition::TYPE_STATIC_PROPERTY))
- && $property->property->getVisibility() === "public") {
+ && $property->getVisibility() === "public") {
return true;
}
@@ -521,42 +316,37 @@ public static function getVisibilityFromInstances($context, $data, $defAssign)
if ($defAssign->isType(MyDefinition::TYPE_PROPERTY)) {
$copyDefAssign = clone $defAssign;
- $prop = $copyDefAssign->property->popProperty();
+ //$prop = $copyDefAssign->property->popProperty();
+ $prop = $defAssign->getName();
$visibilityFinal = false;
- $instances = ResolveDefs::selectInstances($context, $data, $copyDefAssign);
-
+ $instances = ResolveDefs::selectDefinitions($context, $data, $copyDefAssign);
foreach ($instances as $instance) {
if ($instance->isType(MyDefinition::TYPE_INSTANCE)) {
- $idObject = $instance->getObjectId();
+ $idObject = $instance->getCurrentState()->getObjectId();
$tmpMyClass = $context->getObjects()->getMyClassFromObject($idObject);
if (!is_null($tmpMyClass)) {
- $property = $tmpMyClass->getProperty($prop);
+ $property = $tmpMyClass->getProperty($context, $instance, $prop);
if (!is_null($property)
&& (ResolveDefs::getVisibility($copyDefAssign, $property, $currentFunc))) {
$visibilityFinal = true;
break;
- } elseif (is_null($property)) {
+ }/* elseif (is_null($property)) {
$visibilityFinal = true; // property doesn't exist
- }
+ }*/
} else {
$visibilityFinal = true; // class not defined
}
}
}
-/*
- if (count($instances) === 0) {
- $visibilityFinal = true;
- }
- */
} elseif ($defAssign->isType(MyDefinition::TYPE_STATIC_PROPERTY)) {
$visibilityFinal = false;
$myClass = $context->getClasses()->getMyClass($defAssign->getName());
if (!is_null($myClass)) {
- $property = $myClass->getProperty($defAssign->property->getProperties()[0]);
+ $property = $myClass->getProperty($defAssign->property->getProperties());
if (!is_null($property)
&& (ResolveDefs::getVisibility($defAssign, $property, $currentFunc))) {
$visibilityFinal = true;
@@ -567,7 +357,7 @@ public static function getVisibilityFromInstances($context, $data, $defAssign)
return $visibilityFinal;
}
- public static function selectDefinitions($context, $data, $searchedDed, $bypassIsNearest = false)
+ public static function selectDefinitions($context, $data, $searchedDed)
{
$defsFound = [];
if (is_null($data)) {
@@ -575,28 +365,10 @@ public static function selectDefinitions($context, $data, $searchedDed, $bypassI
}
foreach ($data as $def) {
- if (Definitions::defEquality($def, $searchedDed, $bypassIsNearest)
- && ResolveDefs::isNearest($context, $searchedDed, $def)) {
- // CA SERT A QUOI ICI REDONDANT AVEC LE DERNIER ?
- if ($def->isType(MyDefinition::TYPE_INSTANCE)
- && $searchedDed->isType(MyDefinition::TYPE_INSTANCE)) {
- $defsFound[$def->getBlockId()][] = $def;
- } elseif (($def->isType(MyDefinition::TYPE_PROPERTY) ===
- $searchedDed->isType(MyDefinition::TYPE_PROPERTY))
- || ($def->isType(MyDefinition::TYPE_INSTANCE) ===
- $searchedDed->isType(MyDefinition::TYPE_INSTANCE))) {
- if ($def->isType(MyDefinition::TYPE_PROPERTY)
- && $searchedDed->isType(MyDefinition::TYPE_PROPERTY)) {
- $defsFound[$def->getBlockId()][] = $def;
- } elseif (!$def->isType(MyDefinition::TYPE_PROPERTY)
- && !$searchedDed->isType(MyDefinition::TYPE_PROPERTY)) {
- $defsFound[$def->getBlockId()][] = $def;
- }
- } elseif (!$def->isType(MyDefinition::TYPE_INSTANCE)
- && $searchedDed->isType(MyDefinition::TYPE_PROPERTY)) {
- // we are looking for the nearest not instance of a property
- $defsFound[$def->getBlockId()][] = $def;
- }
+ if (Definitions::defEquality($def, $searchedDed)
+ && ResolveDefs::isNearest($context, $searchedDed, $def)) {
+ // we are looking for the nearest not instance of a property
+ $defsFound[$def->getBlockId()][] = $def;
}
}
@@ -613,373 +385,150 @@ public static function selectDefinitions($context, $data, $searchedDed, $bypassI
foreach ($defsFoundGood as $blockDefs) {
$nearestDef = null;
foreach ($blockDefs as $blockId => $defLast) {
- if (!$bypassIsNearest) {
- if (ResolveDefs::isNearest($context, $searchedDed, $defLast)) {
- if (is_null($nearestDef) || ResolveDefs::isNearest($context, $defLast, $nearestDef)) {
- $nearestDef = $defLast;
- }
+ if (ResolveDefs::isNearest($context, $searchedDed, $defLast)) {
+ if (is_null($nearestDef) || ResolveDefs::isNearest($context, $defLast, $nearestDef)) {
+ $nearestDef = $defLast;
}
- } else {
- $trueDefsFound[] = $defLast;
}
}
- if (!is_null($nearestDef) && !$bypassIsNearest) {
+ if (!is_null($nearestDef)) {
$trueDefsFound[] = $nearestDef;
}
}
- return $trueDefsFound;
+
+ $trueDefsFoundParams = [];
+ foreach ($trueDefsFound as $trueDef) {
+ if (!is_null($trueDef->getParamToArg())) {
+ $trueDef = $trueDef->getParamToArg();
+ }
+ $trueDefsFoundParams[] = $trueDef;
+ }
+
+ return $trueDefsFoundParams;
}
- public static function selectInstances($context, $data, $tempDefa, $bypassIsNearest = false)
+ public static function selectArrays($context, $data, $tempDefa, $arrayDim)
{
- $instancesDefs = [];
+ $arrayDefs = [];
- // we can have multiple instances with the same property assigned
- // we are looking for and instance, not a property
$copyTempDefa = clone $tempDefa;
+ $copyTempDefa->addType(MyDefinition::TYPE_ARRAY);
- if (!$copyTempDefa->isType(MyDefinition::TYPE_INSTANCE)) {
- $copyTempDefa->addType(MyDefinition::TYPE_INSTANCE);
- }
-
- if ($copyTempDefa->isType(MyDefinition::TYPE_ARRAY)) {
- $copyTempDefa->removeType(MyDefinition::TYPE_ARRAY);
- }
-
- $copyTempDefa->setArrayValue(false);
-
- $instancesDefs = ResolveDefs::selectDefinitions(
+ $arrayDefsTmp = ResolveDefs::selectDefinitions(
$context,
$data,
- $copyTempDefa,
- $bypassIsNearest
+ $copyTempDefa
);
- return $instancesDefs;
+ foreach ($arrayDefsTmp as $arrayDef) {/*
+ if (!is_null($arrayDef->getParamToArg())) {
+ $arrayDef = $arrayDef->getParamToArg();
+ }
+*/
+ $arrayDefs[] = $arrayDef
+ ->getCurrentState()
+ ->getOrCreateDefArrayIndex($tempDefa->getBlockId(), $arrayDef, $arrayDim);
+ }
+
+ return $arrayDefs;
}
- public static function selectProperties($context, $data, $tempDefa, $bypassVisibility = false)
+ public static function selectStaticProperties($context, $tempDef, $propertyName)
{
- $propertiesDefs = [];
$currentFunc = $context->getCurrentFunc();
+ $className = $tempDef->getName();
- if ($tempDefa->isType(MyDefinition::TYPE_PROPERTY)) {
- $propLine = $tempDefa->getLine();
- $propColumn = $tempDefa->getColumn();
-
- $tempDefaProp = clone $tempDefa;
- $firstProperties = [];
- $isFirstProperty = true;
- $propertyExist = false;
-
- if (is_array($tempDefa->property->getProperties())) {
- $myProperties = $tempDefa->property->getProperties();
- for ($indexProperty = count($myProperties) - 1; $indexProperty !== -1; $indexProperty --) {
- $tempDefaProp->setLine($propLine);
- $tempDefaProp->setColumn($propColumn);
-
- $defs = ResolveDefs::selectDefinitions(
- $context,
- $data,
- $tempDefaProp,
- $bypassVisibility
- );
-
- $tempDefaProp->property->popProperty();
- $prop = $myProperties[$indexProperty];
-
- if (count($defs) > 0) {
- foreach ($defs as $defa) {
- if ($defa->isType(MyDefinition::TYPE_PROPERTY)) {
- // if we found a property, we are looking for the nearest instance or not instance
- // and we are looking for an instance that contains this visible property
- $instances = ResolveDefs::selectInstances($context, $data, $tempDefaProp);
-
- foreach ($instances as $instance) {
- $idObject = $instance->getObjectId();
- $tmpMyClass = $context->getObjects()->getMyClassFromObject($idObject);
-
- if (!is_null($tmpMyClass)) {
- $property = $tmpMyClass->getProperty($prop);
-
- if (!is_null($property)
- && (ResolveDefs::getVisibility($defa, $property, $currentFunc)
- || $bypassVisibility)) {
- $propertyExist = true;
-
- if ($isFirstProperty || $bypassVisibility) {
- $isFirstProperty = false;
-
- // if the instance is nearest (deeper) than the property,
- // it has the priority
- if (ResolveDefs::isNearest($context, $instance, $defa)) {
- $firstProperties[] = $property;
- } else {
- // else property exist in the nearest instance
- //but property has the priority
- $firstProperties[] = $defa;
- }
- }
- }
- }
- }
-
- if (count($instances) === 0 && !$isFirstProperty) {
- $propertyExist = true;
- $firstProperties[] = $defa;
- }
- }
- }
- } else {
- // we didn't find a property, we are looking for the nearest instance
- // or not instance
-
- $instances = ResolveDefs::selectInstances($context, $data, $tempDefaProp);
-
- foreach ($instances as $instance) {
- if ($instance->isType(MyDefinition::TYPE_INSTANCE)) {
- if ($instance->property->hasProperty("PROGPILOT_ALL_PROPERTIES_TAINTED")) {
- //$propertiesDefs[] = $tempDefa;
- $tempDefa->setTaintedByExpr($instance->getTaintedByExpr());
- $tempDefa->setTainted(true);
- } else {
- for ($i = $indexProperty; $i < count($myProperties); $i++) {
- $idObject = $instance->getObjectId();
- $tmpMyClass = $context->getObjects()->getMyClassFromObject($idObject);
-
- if (!is_null($tmpMyClass)) {
- $prop = $myProperties[$i];
- $property = $tmpMyClass->getProperty($prop);
-
- if (!is_null($property)
- && (ResolveDefs::getVisibility(
- $tempDefaProp,
- $property,
- $currentFunc
- )
- || $bypassVisibility)) {
- $limit = count($myProperties) - 1;
-
- if ($property->isType(MyDefinition::TYPE_INSTANCE)
- && $i < (count($myProperties) - 1)) {
- $instance = $property;
- } elseif ($i === (count($myProperties) - 1)) {
- $propertiesDefs[] = $property;
- }
- }
- }
- }
- }
- }
- }
- }
- }
- }
+ $myClass = $context->getClasses()->getMyClass($className);
- if ($propertyExist) {
- foreach ($firstProperties as $first_property) {
- $propertiesDefs[] = $first_property;
- }
+ if (!is_null($myClass)) {
+ $property = $myClass->getProperty($context, $tempDef->getBlockId(), $tempDef, $propertyName);
+
+ if (!is_null($property)
+ && (ResolveDefs::getVisibility($tempDef, $property, $currentFunc))) {
+ return $property;
}
}
- return $propertiesDefs;
+ return null;
}
- public static function selectGlobals($globalName, $context, $data, $tempDefa, $isIterator, $isAssign, $callStack)
+ public static function selectProperties($context, $data, $tempDefa, $propertyName)
{
- if (is_array($callStack)) {
- for ($callNumber = count($callStack) - 1; $callNumber !== 0; $callNumber --) {
- $currentContextCall = $callStack[$callNumber][4];
+ $propertiesDefs = [];
+ $currentFunc = $context->getCurrentFunc();
- // ca peut arriver si on est dans le main() est qu'on appelle une globale
- if (!is_null($currentContextCall->func_called) && !is_null($currentContextCall->func_callee)) {
- // we can't looking for an element of a global array in PHP
- $tempDefa->removeType(MyDefinition::TYPE_ARRAY);
- $tempDefa->setArrayValue(false);
-
- $tempDefa->setName($globalName);
- $tempDefa->setLine($currentContextCall->func_called->getLine());
- $tempDefa->setColumn($currentContextCall->func_called->getColumn());
- $tempDefa->setBlockId($currentContextCall->func_callee->getLastBlockId());
-
- $resGlobal = ResolveDefs::temporarySimple(
- $context,
- $currentContextCall->func_callee->getDefs(),
- $tempDefa,
- $isIterator,
- $isAssign,
- $currentContextCall
- );
- if (!(count($resGlobal) === 1 && $resGlobal[0] === $tempDefa)) {
- return $resGlobal;
- }
- }
- }
- }
+ $tempDefaProp = clone $tempDefa;
- return array();
- }
-
- public static function selectStaticProperty($context, $data, $tempDefa, $isIterator, $isAssign, $callStack)
- {
- if (is_array($callStack)) {
- // we are looking in first for a possible static property defined inside the function
- $resStatic = ResolveDefs::temporarySimple(
- $context,
- $data,
- $tempDefa,
- $isIterator,
- $isAssign,
- $callStack,
- true
- );
-
- if (!(count($resStatic) === 1 && $resStatic[0] === $tempDefa)) {
- return $resStatic;
+ $instances = ResolveDefs::selectDefinitions($context, $data, $tempDefaProp);
+
+ foreach ($instances as $instance) {
+ if ($instance->isType(MyDefinition::TYPE_ITERATOR)
+ && !empty($instance->getIteratorValues())
+ && $instance->getIteratorValues()[0]->getCurrentState()->isType(MyDefinition::TYPE_INSTANCE)) {
+ // source of type array of properties
+ $instance = $instance->getIteratorValues()[0];
}
- // if no result we are looking inside the callee functions
- for ($callNumber = count($callStack) - 1; $callNumber >= 0; $callNumber --) {
- $currentContextCall = $callStack[$callNumber][4];
+ if ($instance->isType(MyDefinition::TYPE_PROPERTY)
+ || $instance->isType(MyDefinition::TYPE_ARRAY_ELEMENT)) {
+ $state = $instance->getState($tempDefaProp->getBlockId());
+ $stateId = $tempDefaProp->getBlockId();
+ } else {
+ $state = $instance->getCurrentState();
+ $stateId = $instance->getBlockId();
+ }
- // ca peut arriver si on est dans le main() est qu'on appelle une static
- if (!is_null($currentContextCall->func_called) && !is_null($currentContextCall->func_callee)) {
- $tempDefa->setLine($currentContextCall->func_called->getLine());
- $tempDefa->setColumn($currentContextCall->func_called->getColumn());
- $tempDefa->setBlockId($currentContextCall->func_callee->getLastBlockId());
-
- $resGlobal = ResolveDefs::temporarySimple(
- $context,
- $currentContextCall->func_callee->getDefs(),
- $tempDefa,
- $isIterator,
- $isAssign,
- $callStack,
- true
- );
- if (!(count($resGlobal) === 1 && $resGlobal[0] === $tempDefa)) {
- return $resGlobal;
+ if (!is_null($state) && $state->isType(MyDefinition::TYPE_INSTANCE)) {
+ $idObject = $state->getObjectId();
+ $tmpMyClass = $context->getObjects()->getMyClassFromObject($idObject);
+
+ if (!is_null($tmpMyClass)) {
+ $property = $tmpMyClass->getProperty($context, $stateId, $instance, $propertyName);
+ if (!is_null($property)) {
+ if (ResolveDefs::getVisibility($tempDefaProp, $property, $currentFunc)) {
+ $propertiesDefs[] = [$property, $tmpMyClass];
+ }
}
}
}
}
- return array();
+ return $propertiesDefs;
}
+ public static function selectGlobals($context, $defa)
+ {
+ $callStack = $context->getCallStack();
- public static function temporarySimple(
- $context,
- $data,
- $tempDefa,
- $isIterator,
- $isAssign,
- $callStack,
- $bypassStatic = false
- ) {
- if ($tempDefa->isType(MyDefinition::TYPE_STATIC_PROPERTY) && !$bypassStatic) {
- return ResolveDefs::selectStaticProperty(
- $context,
- $data,
- $tempDefa,
- $isIterator,
- $isAssign,
- $callStack
- );
- } elseif ($tempDefa->isType(MyDefinition::TYPE_ARRAY) && $tempDefa->getName() === "GLOBALS") {
- return ResolveDefs::selectGlobals(
- key($tempDefa->getArrayValue()),
- $context,
- $data,
- $tempDefa,
- $isIterator,
- $isAssign,
- $callStack
- );
- } else {
- $myExpr = $tempDefa->getExpr();
-
- if ($tempDefa->isType(MyDefinition::TYPE_PROPERTY)) {
- $defs = ResolveDefs::selectProperties(
- $context,
- $data->getOutMinusKill($tempDefa->getBlockId()),
- $tempDefa
- );
- } else {
- $defs = ResolveDefs::selectDefinitions(
- $context,
- $data->getOutMinusKill($tempDefa->getBlockId()),
- $tempDefa,
- $isIterator
- );
- }
+ if (is_array($callStack)) {
+ for ($callNumber = count($callStack) - 1; $callNumber !== 0; $callNumber --) {
+ $currentContextCall = $callStack[$callNumber][3];
+ // ca peut arriver si on est dans le main() est qu'on appelle une globale
+ if (!is_null($currentContextCall->func_called) && !is_null($currentContextCall->func_callee)) {
+ // we can't looking for an element of a global array in PHP
+ foreach ($currentContextCall->func_callee->getLastBlockIds() as $lastBlockId) {
+ $tempDefa = clone $defa;
+ $tempDefa->setLine($currentContextCall->func_called->getLine());
+ $tempDefa->setColumn($currentContextCall->func_called->getColumn());
+ $tempDefa->setBlockId($lastBlockId);
- $goodDefs = [];
- if (count($defs) > 0) {
- foreach ($defs as $defz) {
- if ($defz->isType(MyDefinition::TYPE_GLOBAL)) {
- return ResolveDefs::selectGlobals(
- $defz->getName(),
- $context,
- $data,
- $tempDefa,
- $isIterator,
- $isAssign,
- $callStack
- );
- } else {
- $defaa = ArrayAnalysis::temporarySimple(
+ $resGlobal = ResolveDefs::selectDefinitions(
$context,
- $data->getOutMinusKill($tempDefa->getBlockId()),
- $tempDefa,
- $defz,
- $isIterator,
- $isAssign
+ $currentContextCall->func_callee->getDefs()->getOutMinusKill($tempDefa->getBlockId()),
+ $tempDefa
);
- foreach ($defaa as $defa) {
- if ($defa->isType(MyDefinition::TYPE_REFERENCE)) {
- $refDef = new MyDefinition(
- $tempDefa->getLine(),
- $tempDefa->getColumn(),
- $defa->getRefName()
- );
- $refDef->setBlockId($tempDefa->getBlockId());
- $refDef->setSourceMyFile($tempDefa->getSourceMyFile());
-
- if ($defa->isType(MyDefinition::TYPE_ARRAY_REFERENCE)) {
- $refDef->addType(MyDefinition::TYPE_ARRAY);
- $refDef->setArrayValue($defa->getRefArrValue());
- }
-
- $trueRefs = ResolveDefs::selectDefinitions(
- $context,
- $data->getOutMinusKill($refDef->getBlockId()),
- $refDef
- );
-
- foreach ($trueRefs as $ref) {
- $myExpr->addDef($ref);
- $goodDefs[] = $ref;
- }
-
- unset($trueRefs);
- } else {
- $myExpr->addDef($defa);
- $goodDefs[] = $defa;
- }
+ // to not call recursively this function
+ if (!(count($resGlobal) === 1 && $resGlobal[0] === $tempDefa)) {
+ return $resGlobal;
}
}
}
- } else {
- $myExpr->addDef($tempDefa);
- $goodDefs[] = $tempDefa;
}
-
- return $goodDefs;
}
+
+ return array();
}
}
diff --git a/package/src/progpilot/Analysis/SecurityAnalysis.php b/package/src/progpilot/Analysis/SecurityAnalysis.php
index 1d3e97de..0d3d7163 100644
--- a/package/src/progpilot/Analysis/SecurityAnalysis.php
+++ b/package/src/progpilot/Analysis/SecurityAnalysis.php
@@ -22,15 +22,17 @@
use progpilot\Objects\MyDefinition;
use progpilot\Code\MyInstruction;
+use progpilot\Helpers\Analysis as HelpersAnalysis;
+
class SecurityAnalysis
{
- public static function inArraySource($temp, $name, $line, $column, $file)
+ public static function inArrayStateSource($temp, $ret)
{
for ($i = 0; $i < count($temp["source_name"]); $i ++) {
- if ($temp["source_name"][$i] === $name
- && $temp["source_line"][$i] === $line
- && $temp["source_column"][$i] === $column
- && $temp["source_file"][$i] === $file) {
+ if ($temp["source_name"][$i] === $ret["source_name"]
+ && $temp["source_line"][$i] === $ret["source_line"]
+ && $temp["source_column"][$i] === $ret["source_column"]
+ && $temp["source_file"][$i] === $ret["source_file"]) {
return true;
}
}
@@ -38,20 +40,83 @@ public static function inArraySource($temp, $name, $line, $column, $file)
return false;
}
- public static function isSafe($indexParameter, $myDef, $mySink, $isFlow = false)
+ public static function funccall($context, $instruction, $myClass = null)
+ {
+ $myFuncCall = $instruction->getProperty(MyInstruction::MYFUNC_CALL);
+
+ $mySink = $context->inputs->getSinkByName($myFuncCall, $myClass);
+ if (!is_null($mySink)) {
+ $nbParams = $myFuncCall->getNbParams();
+ for ($i = 0; $i < $nbParams; $i ++) {
+ $myDefArg = $instruction->getProperty("argdef$i");
+
+ if (!$mySink->hasParameters() || ($mySink->hasParameters() && $mySink->isParameter($i + 1))) {
+ SecurityAnalysis::callbis(
+ $i + 1,
+ $myFuncCall,
+ $context,
+ $mySink,
+ $myDefArg
+ );
+ }
+ }
+ }
+ }
+
+ public static function taintedStateFlow($context, $mySink, $indexParameter, $taintedDef, $taintedState)
+ {
+ $resultTaintedFlow = [];
+ $idFlow = \progpilot\Utils::printDefinition($mySink->getLanguage(), $taintedDef);
+
+ do {
+ $fromTaintedByDefs = $taintedState->getTaintedByDefs();
+
+ $taintedDef = null;
+
+ foreach ($fromTaintedByDefs as $fromTaintedByDef) {
+ $fromTaintedDef = $fromTaintedByDef[0];
+ $fromTaintedState = $fromTaintedByDef[1];
+
+ $possibleConditions = ["QUOTES", "object_tainted", "array_tainted", "variable_tainted", null];
+ foreach ($possibleConditions as $condition) {
+ if ($mySink->isParameterCondition($indexParameter, $condition)) {
+ if (!SecurityAnalysis::isSafeStateCondition(
+ $context,
+ $mySink,
+ $fromTaintedState,
+ $condition,
+ true
+ )) {
+ $ret = SecurityAnalysis::getPrintableTaintedDef($mySink, $fromTaintedDef);
+
+ $oneTainted["flow_name"] = $ret["source_name"];
+ $oneTainted["flow_line"] = $ret["source_line"];
+ $oneTainted["flow_column"] = $ret["source_column"];
+ $oneTainted["flow_file"] =$ret["source_file"];
+
+ $resultTaintedFlow[] = $oneTainted;
+
+ $idFlow .= \progpilot\Utils::printDefinition($mySink->getLanguage(), $fromTaintedDef);
+ $idFlow .= "-".$fromTaintedDef->getSourceMyFile()->getName();
+ $taintedDef = $fromTaintedDef;
+ $taintedState = $fromTaintedState;
+ break 2;
+ }
+ }
+ }
+ }
+ } while (!is_null($taintedDef));
+
+ return [$resultTaintedFlow, $idFlow];
+ }
+
+ public static function isSafeState($context, $mySink, $indexParameter, $myState)
{
$possibleConditions = ["QUOTES", "object_tainted", "array_tainted", "variable_tainted", null];
- foreach ($possibleConditions as $possibleCondition) {
- if ($mySink->isParameterCondition($indexParameter, $possibleCondition)) {
- if (!SecurityAnalysis::isSafeCondition(
- $indexParameter,
- $myDef,
- $mySink,
- $possibleCondition,
- $isFlow
- )
- ) {
+ foreach ($possibleConditions as $condition) {
+ if ($mySink->isParameterCondition($indexParameter, $condition)) {
+ if (!SecurityAnalysis::isSafeStateCondition($context, $mySink, $myState, $condition)) {
return false;
}
}
@@ -59,190 +124,78 @@ public static function isSafe($indexParameter, $myDef, $mySink, $isFlow = false)
return true;
}
-
- public static function isSafeCondition($indexParameter, $myDef, $mySink, $condition, $isFlow)
+
+ public static function isSafeStateCondition($context, $mySink, $state, $condition, $isFlow = false)
{
- if ($myDef->isTainted()
- && $myDef->getCast() === MyDefinition::CAST_NOT_SAFE
- && $myDef->getArrayValue() !== "PROGPILOT_ALL_INDEX_TAINTED"
- && !$myDef->property->hasProperty("PROGPILOT_ALL_PROPERTIES_TAINTED")) {
- if ($myDef->isSanitized()) {
- if ($myDef->isTypeSanitized($mySink->getAttack())
- || $myDef->isTypeSanitized("ALL")) {
+ if (($state->isTainted())
+ && $state->getCast() === MyDefinition::CAST_NOT_SAFE
+ && $condition !== "object_tainted"
+ && $condition !== "array_tainted") {
+ if ($state->isSanitized()) {
+ if ($state->isTypeSanitized($mySink->getAttack())
+ || $state->isTypeSanitized("ALL")) {
// 1° the argument of sink must be quoted
- if ($condition === "QUOTES" && !$myDef->isTypeSanitized("ALL")) {
+ if ($condition === "QUOTES" && !$state->isTypeSanitized("ALL")) {
// the def is embedded into quotes but quotes are not sanitized
- if (!$myDef->isTypeSanitized("QUOTES") && $myDef->getIsEmbeddedByChar("'")) {
+ if (!$state->isTypeSanitized("QUOTES")
+ && $state->getIsEmbeddedByChar("'")) {
return false;
}
// the def is not embedded into quotes
- if (!$myDef->getIsEmbeddedByChar("'")) {
+ if (!$state->getIsEmbeddedByChar("'")) {
return false;
}
}
if ($mySink->isGlobalCondition("QUOTES_HTML")
- && !$myDef->isTypeSanitized("ALL")) {
- if (!$myDef->isTypeSanitized("QUOTES") && $myDef->getIsEmbeddedByChar("<")
- && $myDef->getIsEmbeddedByChar("'")) {
+ && !$state->isTypeSanitized("ALL")) {
+ if (!$state->isTypeSanitized("QUOTES") && $state->getIsEmbeddedByChar("<")
+ && $state->getIsEmbeddedByChar("'")) {
return false;
}
- if ($myDef->getIsEmbeddedByChar("<") && !$myDef->getIsEmbeddedByChar("'")) {
+ if ($state->getIsEmbeddedByChar("<")
+ && !$state->getIsEmbeddedByChar("'")) {
return false;
}
}
-
- return true;
+ } else {
+ return false; // not safe because type not sanitized
}
+
+ return true;
}
- return false;
- } elseif (($condition === "array_tainted" || $isFlow)
- && $myDef->getArrayValue() === "PROGPILOT_ALL_INDEX_TAINTED") {
return false;
} elseif (($condition === "object_tainted" || $isFlow)
- && $myDef->property->hasProperty("PROGPILOT_ALL_PROPERTIES_TAINTED")) {
+ && $state->isType(MyDefinition::TYPE_INSTANCE)
+ && $state->isType(MyDefinition::ALL_PROPERTIES_TAINTED)) {
+ return false;
+ } elseif (($condition === "array_tainted" || $isFlow)
+ && $state->isType(MyDefinition::TYPE_ARRAY)
+ && $state->isType(MyDefinition::ALL_ARRAY_ELEMENTS_TAINTED)) {
return false;
}
-
+
return true;
}
- public static function funccall($stackClass, $context, $instruction, $myClass = null)
- {
- $myFuncCall = $instruction->getProperty(MyInstruction::MYFUNC_CALL);
- $nameInstance = null;
- if ($myFuncCall->isType(MyFunction::TYPE_FUNC_METHOD)) {
- $nameInstance = $myFuncCall->getNameInstance();
- }
-
- $mySink = $context->inputs->getSinkByName($context, $stackClass, $myFuncCall, $myClass);
- if (!is_null($mySink)) {
- $nbParams = $myFuncCall->getNbParams();
- $conditionRespected = true;
- if ($mySink->hasParameters()) {
- for ($i = 0; $i < $nbParams; $i ++) {
- if ($mySink->isParameter($i + 1)) {
- $conditionRespected = false;
-
- $myDefArg = $instruction->getProperty("argdef$i");
- $taintedExpr = $myDefArg->getTaintedByExpr();
-
- if ($myDefArg->isType(MyDefinition::TYPE_COPY_ARRAY)
- && $mySink->isParameterCondition($i + 1, "array_tainted")) {
- foreach ($myDefArg->getCopyArrays() as $copyarray) {
- if (!SecurityAnalysis::isSafe($i + 1, $copyarray[1], $mySink)) {
- $conditionRespected = true;
- }
- }
- } elseif (!$myDefArg->isType(MyDefinition::TYPE_COPY_ARRAY)
- && (!$mySink->isParameterCondition($i + 1, "array_tainted")
- || $mySink->isParameterCondition($i + 1, "variable_tainted"))) {
- if (!is_null($taintedExpr)) {
- $defsExpr = $taintedExpr->getDefs();
- foreach ($defsExpr as $defExpr) {
- if (!SecurityAnalysis::isSafe($i + 1, $defExpr, $mySink)) {
- $conditionRespected = true;
- }
- }
- }
- } elseif ($myDefArg->getArrayValue() === "PROGPILOT_ALL_INDEX_TAINTED"
- && $mySink->isParameterCondition($i + 1, "array_tainted")) {
- $conditionRespected = true;
- } elseif ($myDefArg->property->hasProperty("PROGPILOT_ALL_PROPERTIES_TAINTED")
- && $mySink->isParameterCondition($i + 1, "object_tainted")) {
- $conditionRespected = true;
- }
-
- if (!$conditionRespected) {
- break;
- }
- }
- }
- }
-
- if ($conditionRespected) {
- for ($i = 0; $i < $nbParams; $i ++) {
- $myDefArg = $instruction->getProperty("argdef$i");
- $myDefExpr = $instruction->getProperty("argexpr$i");
-
- if (!$mySink->hasParameters() || ($mySink->hasParameters() && $mySink->isParameter($i + 1))) {
- if ($myDefArg->isType(MyDefinition::TYPE_COPY_ARRAY)
- && $mySink->isParameterCondition($i + 1, "array_tainted")) {
- foreach ($myDefArg->getCopyArrays() as $copyarray) {
- SecurityAnalysis::call(
- $i + 1,
- $myFuncCall,
- $context,
- $mySink,
- $copyarray[1],
- $myDefExpr
- );
- }
- } else {
- SecurityAnalysis::call(
- $i + 1,
- $myFuncCall,
- $context,
- $mySink,
- $myDefArg,
- $myDefExpr
- );
- }
- }
- }
- }
- }
- }
-
- public static function taintedFlow($indexParameter, $context, $defExprFlow, $mySink)
+ public static function isSafeStatesCondition($context, $mySink, $myDef, $condition)
{
- $resultTaintedFlow = [];
-
- $idFlow = \progpilot\Utils::printDefinition($mySink->getLanguage(), $defExprFlow);
-
- while ($defExprFlow->getTaintedByExpr() !== null) {
- $taintedFlowExpr = $defExprFlow->getTaintedByExpr();
- $defsExprTainted = $taintedFlowExpr->getDefs();
-
- foreach ($defsExprTainted as $defExprFlowFrom) {
- if (!SecurityAnalysis::isSafe($indexParameter, $defExprFlowFrom, $mySink, true)) {
- $tmpname = \progpilot\Utils::printDefinition($mySink->getLanguage(), $defExprFlowFrom);
- $oneTainted["flow_name"] = $tmpname;
- $oneTainted["flow_line"] = $defExprFlowFrom->getLine();
- $oneTainted["flow_column"] = $defExprFlowFrom->getColumn();
- $oneTainted["flow_file"] = \progpilot\Utils::encodeCharacters(
- $defExprFlowFrom->getSourceMyFile()->getName()
- );
-
- // just in case
- if (in_array($oneTainted, $resultTaintedFlow, true)) {
- break 2;
- }
-
- $resultTaintedFlow[] = $oneTainted;
-
- $idFlow .= \progpilot\Utils::printDefinition($mySink->getLanguage(), $defExprFlowFrom);
- $idFlow .= "-".$defExprFlowFrom->getSourceMyFile()->getName();
- $defExprFlow = $defExprFlowFrom;
- break;
- }
- }
-
- if ($defExprFlow->getTaintedByExpr() === $taintedFlowExpr) {
- break;
+ $statesMyDef = $myDef->getStates();
+ foreach ($statesMyDef as $stateMyDef) {
+ if (!SecurityAnalysis::isSafeStateCondition($context, $mySink, $stateMyDef, $condition)) {
+ return false;
}
}
-
- return [$resultTaintedFlow, $idFlow];
+
+ return true;
}
- public static function call($indexParameter, $myFuncCall, $context, $mySink, $myDef, $myExpr)
+ public static function callbis($indexParameter, $myFuncCall, $context, $mySink, $myDef)
{
- //$results = &$context->outputs->getResults();
$hashIdVuln = "";
$temp["source_name"] = [];
@@ -255,60 +208,93 @@ public static function call($indexParameter, $myFuncCall, $context, $mySink, $my
}
$nbtainted = 0;
- $taintedExpr = $myDef->getTaintedByExpr();
- if (!is_null($taintedExpr)) {
- $defsExpr = $taintedExpr->getDefs();
-
- foreach ($defsExpr as $defExpr) {
- if (!SecurityAnalysis::isSafe($indexParameter, $defExpr, $mySink)) {
- $sourceName = \progpilot\Utils::printDefinition($mySink->getLanguage(), $defExpr);
- $sourceLine = $defExpr->getLine();
- $sourceColumn = $defExpr->getColumn();
- $sourceFile = \progpilot\Utils::encodeCharacters($defExpr->getSourceMyFile()->getName());
-
- if (!SecurityAnalysis::inArraySource(
- $temp,
- $sourceName,
- $sourceLine,
- $sourceColumn,
- $sourceFile
- )) {
- $resultsFlow = SecurityAnalysis::taintedFlow($indexParameter, $context, $defExpr, $mySink);
+
+ // arg param of sink = always current state
+ if (!SecurityAnalysis::isSafeState($context, $mySink, $indexParameter, $myDef->getCurrentState())) {
+ $taintedDefs = $myDef->getCurrentState()->getTaintedByDefs();
+ foreach ($taintedDefs as $taintedByDef) {
+ $taintedDef = $taintedByDef[0];
+ $taintedState = $taintedByDef[1];
+
+ if (!SecurityAnalysis::isSafeState($context, $mySink, $indexParameter, $taintedState)) {
+ $ret = SecurityAnalysis::getPrintableTaintedDef($mySink, $taintedDef);
+ if (!SecurityAnalysis::inArrayStateSource($temp, $ret)) {
+ $resultsFlow = SecurityAnalysis::taintedStateFlow(
+ $context,
+ $mySink,
+ $indexParameter,
+ $taintedDef,
+ $taintedState
+ );
$resultTaintedFlow = $resultsFlow[0];
$hashIdVuln .= $resultsFlow[1];
+ $hashIdVuln .= $ret["source_name"];
- $temp["source_name"][] = $sourceName;
+ $temp["source_name"][] = $ret["source_name"];
if ($context->outputs->getTaintedFlow()) {
$temp["tainted_flow"][] = $resultTaintedFlow;
}
- $temp["source_line"][] = $sourceLine;
- $temp["source_column"][] = $sourceColumn;
- $temp["source_file"][] = $sourceFile;
+ $temp["source_line"][] = $ret["source_line"];
+ $temp["source_column"][] = $ret["source_column"];
+ $temp["source_file"][] = $ret["source_file"];
$nbtainted ++;
}
}
}
+
+ $hashedValue = $hashIdVuln."-".$mySink->getName()."-".$myFuncCall->getSourceMyFile()->getName();
+ $hashIdVuln = hash("sha256", $hashedValue);
+
+ if ($nbtainted && is_null($context->inputs->getFalsePositiveById($hashIdVuln))) {
+ $temp["sink_name"] = \progpilot\Utils::encodeCharacters($mySink->getName());
+ $temp["sink_line"] = $myFuncCall->getLine();
+ $temp["sink_column"] = $myFuncCall->getColumn();
+ $temp["sink_file"] = \progpilot\Utils::encodeCharacters($myFuncCall->getSourceMyFile()->getName());
+ $temp["vuln_name"] = \progpilot\Utils::encodeCharacters($mySink->getAttack());
+ $temp["vuln_cwe"] = \progpilot\Utils::encodeCharacters($mySink->getCwe());
+ $temp["vuln_id"] = $hashIdVuln;
+ $temp["vuln_type"] = "taint-style";
+
+ $context->outputs->addResult($temp);
+ }
}
+ }
- $hashedValue = $hashIdVuln."-".$mySink->getName()."-".$myFuncCall->getSourceMyFile()->getName();
- $hashIdVuln = hash("sha256", $hashedValue);
-
- if ($nbtainted && is_null($context->inputs->getFalsePositiveById($hashIdVuln))) {
- $temp["sink_name"] = \progpilot\Utils::encodeCharacters($mySink->getName());
- $temp["sink_line"] = $myFuncCall->getLine();
- $temp["sink_column"] = $myFuncCall->getColumn();
- $temp["sink_file"] = \progpilot\Utils::encodeCharacters($myFuncCall->getSourceMyFile()->getName());
- $temp["vuln_name"] = \progpilot\Utils::encodeCharacters($mySink->getAttack());
- $temp["vuln_cwe"] = \progpilot\Utils::encodeCharacters($mySink->getCwe());
- $temp["vuln_id"] = $hashIdVuln;
- $temp["vuln_type"] = "taint-style";
-
- $context->outputs->addResult($temp);
- //if (!in_array($temp, $results, true))
- // $results[] = $temp;
+
+ public static function getPrintableTaintedDef($mySink, $myDef)
+ {
+ if (!is_null($myDef->getArgToParam())) {
+ $param = $myDef->getArgToParam();
+ $return["source_name"] = \progpilot\Utils::printDefinition($mySink->getLanguage(), $param);
+ $return["source_line"] = $param->getLine();
+ $return["source_column"]= $param->getColumn();
+ $return["source_file"] = \progpilot\Utils::encodeCharacters($param->getSourceMyFile()->getName());
+
+ return $return;
}
+
+ if (!is_null($myDef->original->getDef())) {
+ $return["source_name"] = \progpilot\Utils::printDefinition(
+ $mySink->getLanguage(),
+ $myDef,
+ $myDef->original->getDef()
+ );
+ $return["source_line"] = $myDef->original->getDef()[0]->getLine();
+ $return["source_column"] = $myDef->original->getDef()[0]->getColumn();
+ $return["source_file"] = \progpilot\Utils::encodeCharacters(
+ $myDef->original->getDef()[0]->getSourceMyFile()->getName()
+ );
+ return $return;
+ }
+
+ $return["source_name"] = \progpilot\Utils::printDefinition($mySink->getLanguage(), $myDef);
+ $return["source_line"] = $myDef->getLine();
+ $return["source_column"] = $myDef->getColumn();
+ $return["source_file"] = \progpilot\Utils::encodeCharacters($myDef->getSourceMyFile()->getName());
+
+ return $return;
}
}
diff --git a/package/src/progpilot/Analysis/TaintAnalysis.php b/package/src/progpilot/Analysis/TaintAnalysis.php
index 21083bde..692d57a5 100644
--- a/package/src/progpilot/Analysis/TaintAnalysis.php
+++ b/package/src/progpilot/Analysis/TaintAnalysis.php
@@ -17,103 +17,52 @@
use progpilot\Objects\MyDefinition;
use progpilot\Objects\MyInstance;
use progpilot\Objects\MyAssertion;
-use progpilot\Objects\MyExpr;
use progpilot\Objects\MyFunction;
use progpilot\Dataflow\Definitions;
use progpilot\Code\Opcodes;
use progpilot\Code\MyInstruction;
use progpilot\Inputs\MySource;
+use progpilot\Helpers\Analysis as HelpersAnalysis;
class TaintAnalysis
{
- public static function funccallSpecifyAnalysis(
- $myFunc,
- $stackClass,
+ public static function funccallValidator(
$context,
- $data,
+ $myFunc,
$myClass,
- $myFuncCall,
- $arrFuncCall,
- $instruction,
- $myCode,
- $index
+ $instruction
) {
- $stackClass = ResolveDefs::funccallClass($context, $data, $myFuncCall);
-
- \progpilot\Analysis\CustomAnalysis::returnObject(
- $context,
- $myFuncCall,
- $stackClass,
- $instruction->getProperty(MyInstruction::EXPR)
- );
-
- TaintAnalysis::funccallValidator($stackClass, $context, $data, $myClass, $instruction, $myCode, $index);
- TaintAnalysis::funccallSanitizer(
- $myFunc,
- $stackClass,
- $context,
- $data,
- $myClass,
- $instruction,
- $myCode,
- $index
- );
-
- $hasSources = TaintAnalysis::funccallSource($stackClass, $context, $data, $myClass, $instruction);
-
- // for example for document.write
- if (is_null($myClass) && $myFuncCall->isType(MyFunction::TYPE_FUNC_METHOD)) {
- $myClass = new MyClass(
- $myFuncCall->getLine(),
- $myFuncCall->getColumn(),
- $myFuncCall->getNameInstance()
- );
- }
-
- SecurityAnalysis::funccall($stackClass, $context, $instruction, $myClass);
-
- return $hasSources;
- }
-
- public static function funccallValidator($stackClass, $context, $data, $myClass, $instruction, $myCode, $index)
- {
- $funcName = $instruction->getProperty(MyInstruction::FUNCNAME);
- $arrFuncCall = $instruction->getProperty(MyInstruction::ARR);
$myFuncCall = $instruction->getProperty(MyInstruction::MYFUNC_CALL);
$nbParams = 0;
$defsValid = [];
$conditionsRespected = true;
- $myValidator = $context->inputs->getValidatorByName($context, $stackClass, $myFuncCall, $myClass);
+ $myValidator = $context->inputs->getValidatorByName($myFuncCall, $myClass);
if (!is_null($myValidator)) {
- while (true) {
- if (!$instruction->isPropertyExist("argdef$nbParams")) {
- break;
- }
+ $validwhenreturning = $myValidator->getValidWhenReturning();
+ } else {
+ $validwhenreturning = true;
+ }
+
+ while (true) {
+ if (!$instruction->isPropertyExist("argdef$nbParams")) {
+ break;
+ }
- $defArg = $instruction->getProperty("argdef$nbParams");
- $exprArg = $instruction->getProperty("argexpr$nbParams");
+ $defArg = $instruction->getProperty("argdef$nbParams");
+ if (!is_null($myValidator)) {
$conditions = $myValidator->getParameterconditions($nbParams + 1);
- if ($conditions === "valid" && !$exprArg->getIsConcat()) {
- $theDefsArgs = $exprArg->getDefs();
-
- foreach ($theDefsArgs as $theDefsArg) {
- $defsValid[] = $theDefsArg;
- }
+ if ($conditions === "valid") {
+ $defsValid[] = $defArg;
} elseif ($conditions === "array_not_tainted") {
- if ($defArg->isType(MyDefinition::TYPE_ARRAY) && $defArg->isTainted()) {
- $conditionsRespected = false;
- } elseif ($defArg->isType(MyDefinition::TYPE_COPY_ARRAY)) {
- $copyArrays = $defArg->getCopyArrays();
- foreach ($copyArrays as $copyArray) {
- $arrvalue = $copyArray[0];
- $defarr = $copyArray[1];
-
- if ($defarr->isTainted()) {
+ if ($defArg->getCurrentState()->isType(MyDefinition::TYPE_ARRAY)) {
+ foreach ($defArg->getCurrentState()->getArrayIndexes() as $arrayIndex) {
+ if ($arrayIndex->def->getCurrentState()->isTainted()) {
$conditionsRespected = false;
+ break;
}
}
}
@@ -121,18 +70,17 @@ public static function funccallValidator($stackClass, $context, $data, $myClass,
if ($defArg->isTainted()) {
$conditionsRespected = false;
}
- } elseif ($conditions === "equals") {
+ } elseif ($conditions === "equals" || $conditions === "notequals") {
$conditionsRespectedEquals = false;
$values = $myValidator->getParameterValues($nbParams + 1);
if (!is_null($values)) {
- $theDefsArgs = $exprArg->getDefs();
- if (count($theDefsArgs) > 0) {
- foreach ($values as $value) {
- foreach ($theDefsArgs[0]->getLastKnownValues() as $lastKnownValue) {
- if ($value->value === $lastKnownValue) {
- $conditionsRespectedEquals = true;
- }
+ foreach ($values as $value) {
+ foreach ($defArg->getCurrentState()->getLastKnownValues() as $lastKnownValue) {
+ if ($value->value === $lastKnownValue && $conditions === "equals") {
+ $conditionsRespectedEquals = true;
+ } elseif ($value->value !== $lastKnownValue && $conditions === "notequals") {
+ $conditionsRespectedEquals = true;
}
}
}
@@ -142,79 +90,91 @@ public static function funccallValidator($stackClass, $context, $data, $myClass,
$conditionsRespected = false;
}
}
+ } else {
+ if (!is_null($myFunc)) {
+ $ambiguous = true;
+
+ foreach ($myFunc->getReturnDefs() as $returnDef) {
+ $ambiguous = false;
+ // we have a return def from a known validator
+ if ($returnDef->getReturnedFromValidator()) {
+ $returnTrue = false;
+ $returnFalse = false;
+
+ // we overwrite the value for below
+ $validwhenreturning = $returnDef->getValidWhenReturning();
+ $validNotBoolean = $returnDef->getValidNotBoolean();
+
+ foreach ($returnDef->getCurrentState()->getLastKnownValues() as $lastKnownValue) {
+ if ($lastKnownValue === "true"
+ || $lastKnownValue === "TRUE"
+ || (is_numeric($lastKnownValue) && $lastKnownValue > 0)) {
+ $returnTrue = true;
+ } elseif ($lastKnownValue === "false"
+ || $lastKnownValue === "FALSE"
+ || (is_numeric($lastKnownValue) && $lastKnownValue <= 0)) {
+ $returnFalse = true;
+ } else {
+ $ambiguous = true;
+ break 2;
+ }
+ }
- $nbParams ++;
+ // ambiguous
+ if ($returnTrue && $returnFalse) {
+ $ambiguous = true;
+ break;
+ }
+ }
+ }
+
+ // all the returns are true OR all the returns are false
+ if (!$ambiguous) {
+ $defsValid[] = $defArg;
+ }
+ }
}
+
+ $nbParams ++;
}
- if (count($defsValid) > 0) {
+ if (!empty($defsValid)) {
if ($conditionsRespected) {
- $codes = $myCode->getCodes();
-
- if (isset($codes[$index + 2])) {
- $instructionIf = $codes[$index + 2];
- if ($instructionIf->getOpcode() === Opcodes::COND_START_IF) {
- $myBlockIf = $instructionIf->getProperty(MyInstruction::MYBLOCK_IF);
- $myBlockElse = $instructionIf->getProperty(MyInstruction::MYBLOCK_ELSE);
-
- foreach ($defsValid as $defValid) {
- $type = "valid";
- $myAssertion = new MyAssertion($defValid, $type);
-
- if ($instructionIf->isPropertyExist(MyInstruction::NOT_BOOLEAN)) {
- $myBlockElse->addAssertion($myAssertion);
- } else {
- $myBlockIf->addAssertion($myAssertion);
- }
- }
- }
+ $resultid = $instruction->getProperty(MyInstruction::RESULTID);
+ $opInformation = $context->getCurrentFunc()->getOpInformation($resultid);
+ foreach ($defsValid as $defValid) {
+ $opInformation["condition_defs"][] = $defValid;
}
+
+ $opInformation["valid_when_returning"] = $validwhenreturning;
+ return $opInformation;
}
}
+
+ return null;
}
public static function funccallSanitizer(
$myFunc,
- $stackClass,
$context,
- $data,
$myClass,
$instruction,
- $myCode,
- $index
+ $virtualReturnDef
) {
$funcName = $instruction->getProperty(MyInstruction::FUNCNAME);
- $arrFuncCall = $instruction->getProperty(MyInstruction::ARR);
$myFuncCall = $instruction->getProperty(MyInstruction::MYFUNC_CALL);
$conditionsSanitize = false;
- $conditionsTaint = false;
- $paramsTaintedconditionsTaint = false;
$paramsTainted = false;
$paramsSanitized = false;
$paramsTypeSanitized = [];
+ $paramsTaintedDefs = [];
$nbParams = 0;
$conditionsRespectedFinal = true;
- $myTempReturn = new MyDefinition(
- $myFuncCall->getLine(),
- $myFuncCall->getColumn(),
- "return_".$myFuncCall->getName()
- );
- $myTempReturn->setSourceMyFile($context->getCurrentMyfile());
-
- $myExprReturn1 = new MyExpr($myFuncCall->getLine(), $myFuncCall->getColumn());
- $myExprReturn1->setAssign(true);
- $myExprReturn1->setAssignDef($myTempReturn);
- $myExprReturn1->addDef($myTempReturn);
-
- $myExprReturn2 = new MyExpr($myFuncCall->getLine(), $myFuncCall->getColumn());
- $myExprReturn2->setAssign(true);
- $myExprReturn2->setAssignDef($myTempReturn);
-
- $mySanitizer = $context->inputs->getSanitizerByName($context, $stackClass, $myFuncCall, $myClass);
+ $mySanitizer = $context->inputs->getSanitizerByName($myFuncCall, $myClass);
if (!is_null($mySanitizer)) {
$preventFinal = $mySanitizer->getPrevent();
@@ -224,24 +184,21 @@ public static function funccallSanitizer(
if (!$instruction->isPropertyExist("argdef$nbParams")) {
break;
}
-
+
$defArg = $instruction->getProperty("argdef$nbParams");
- $exprArg = $instruction->getProperty("argexpr$nbParams");
- if (is_null($myFunc) || !is_null($mySanitizer)) {
- if ($defArg->isTainted()) {
- $paramsTainted = true;
- $myExprReturn2->addDef($defArg);
- }
+ if ($defArg->getCurrentState()->isTainted()) {
+ $paramsTainted = true;
+ $paramsTaintedDefs[] = $defArg;
+ }
- if ($defArg->isSanitized()) {
- $paramsSanitized = true;
- $tmps = $defArg->getTypeSanitized();
+ if ($defArg->getCurrentState()->isSanitized()) {
+ $paramsSanitized = true;
+ $tmps = $defArg->getCurrentState()->getTypeSanitized();
- foreach ($tmps as $tmp) {
- if (!in_array($tmp, $paramsTypeSanitized, true)) {
- $paramsTypeSanitized[] = $tmp;
- }
+ foreach ($tmps as $tmp) {
+ if (!in_array($tmp, $paramsTypeSanitized, true)) {
+ $paramsTypeSanitized[] = $tmp;
}
}
}
@@ -249,21 +206,18 @@ public static function funccallSanitizer(
if (!is_null($mySanitizer)) {
$conditions = $mySanitizer->getParameterconditions($nbParams + 1);
- if ($conditions === "equals") {
+ if ($conditions === "equals" || $conditions === "notequals") {
$conditionsRespected = false;
$values = $mySanitizer->getParameterValues($nbParams + 1);
if (!is_null($values)) {
- $theDefsArgs = $exprArg->getDefs();
- if (count($theDefsArgs) > 0) {
- foreach ($values as $value) {
- foreach ($theDefsArgs[0]->getLastKnownValues() as $lastKnownValue) {
- if ($value->value === $lastKnownValue) {
- $conditionsRespected = true;
-
- if (isset($value->prevent)) {
- $preventFinal = array_merge($preventFinal, $value->prevent);
- }
+ foreach ($values as $value) {
+ foreach ($defArg->getCurrentState()->getLastKnownValues() as $lastKnownValue) {
+ if (($value->value === $lastKnownValue && $conditions === "equals")
+ || ($value->value !== $lastKnownValue && $conditions === "notequals")) {
+ $conditionsRespected = true;
+ if (isset($value->prevent)) {
+ $preventFinal = array_merge($preventFinal, $value->prevent);
}
}
}
@@ -275,92 +229,67 @@ public static function funccallSanitizer(
}
} elseif ($conditions === "taint") {
$conditionsTaint = true;
- if ($defArg->isTainted()) {
+ if ($defArg->getCurrentState()->isTainted()) {
$paramsTaintedconditionsTaint = true;
- $myExprReturn2->addDef($defArg);
}
} elseif ($conditions === "sanitize") {
$conditionsSanitize = true;
- $exprsTaintedconditionsSanitize[] = $exprArg;
+ $exprsTaintedconditionsSanitize[] = $defArg;
}
}
$nbParams ++;
}
- $returnSanitizer = false;
+ $funcReturnDefs = (!is_null($myFunc) && !empty($myFunc->getReturnDefs())) ? true : false;
- $codes = $myCode->getCodes();
- if (isset($codes[$index + 2]) && $codes[$index + 2]->getOpcode() === Opcodes::END_ASSIGN) {
- $instructionDef = $codes[$index + 3];
- $myDefReturn = $instructionDef->getProperty(MyInstruction::DEF);
- $returnSanitizer = true;
- }
-
- // the return of func will be tainted if one of arg is tainted
- if ($returnSanitizer) {
- TaintAnalysis::setTainted($paramsTainted, $myTempReturn, $myExprReturn2);
+ $mySource = $context->inputs->getSourceByName($myFuncCall, $myClass);
+
+ // the default return of func will be tainted if one of arg is tainted
+ // AND no defs are returned/defined
+ // AND the func is not a sanitizer (with all conditions respected)
+ // AND the func is not a source (will return already a def)
+ if (!$funcReturnDefs
+ && is_null($mySource)) {
+ $virtualReturnDef->getCurrentState()->setTainted($paramsTainted);
+
+ foreach ($paramsTaintedDefs as $paramsTaintedDef) {
+ $virtualReturnDef->getCurrentState()->addTaintedByDef(
+ [$paramsTaintedDef, $paramsTaintedDef->getCurrentState()]
+ );
+ }
}
- if ($returnSanitizer || $conditionsSanitize) {
- if (!is_null($mySanitizer) && $conditionsRespectedFinal) {
- if ($conditionsSanitize) {
- foreach ($exprsTaintedconditionsSanitize as $exprsanitize) {
- foreach ($exprsanitize->getDefs() as $oneDef) {
- $oneDef->setSanitized(true);
- if (is_array($preventFinal)) {
- foreach ($preventFinal as $preventFinalValue) {
- $oneDef->addTypeSanitized($preventFinalValue);
- }
- }
- }
- }
- } else {
- $myTempReturn->setSanitized(true);
- $myDefReturn->setSanitized(true);
- if (is_array($preventFinal)) {
- foreach ($preventFinal as $preventFinalValue) {
- $myTempReturn->addTypeSanitized($preventFinalValue);
- $myDefReturn->addTypeSanitized($preventFinalValue);
- }
+ if (!is_null($mySanitizer) && $conditionsRespectedFinal) {
+ if ($conditionsSanitize) {
+ foreach ($exprsTaintedconditionsSanitize as $defTaintedconditionsSanitize) {
+ $callback = "Callbacks::addSanitizedTypes";
+ HelpersAnalysis::forEachTaintedByDefs($defTaintedconditionsSanitize, $preventFinal, $callback);
+ }
+ } else {
+ $virtualReturnDef->getCurrentState()->setSanitized(true);
+ if (is_array($preventFinal)) {
+ foreach ($preventFinal as $preventFinalValue) {
+ $virtualReturnDef->getCurrentState()->addTypeSanitized($preventFinalValue);
}
}
}
}
- if ($returnSanitizer && $paramsSanitized) {
- $myTempReturn->setSanitized(true);
- $myDefReturn->setSanitized(true);
+ if ($paramsSanitized) {
+ $virtualReturnDef->getCurrentState()->setSanitized(true);
foreach ($paramsTypeSanitized as $tmp) {
- $myTempReturn->addTypeSanitized($tmp);
- $myDefReturn->addTypeSanitized($tmp);
- }
- }
-
- if ($returnSanitizer) {
- if (ResolveDefs::getVisibilityFromInstances($context, $data, $myDefReturn)) {
- ValueAnalysis::copyValues($myTempReturn, $myDefReturn);
- TaintAnalysis::setTainted($myTempReturn->isTainted(), $myDefReturn, $myExprReturn1);
+ $virtualReturnDef->getCurrentState()->addTypeSanitized($tmp);
}
}
}
- public static function funccallSource($stackClass, $context, $data, $myClass, $instruction)
+ public static function funccallSource($context, $myClass, $instruction, $virtualReturnDef)
{
- $hasSources = false;
-
- $funcName = $instruction->getProperty(MyInstruction::FUNCNAME);
- $arrFuncCall = $instruction->getProperty(MyInstruction::ARR);
$myFuncCall = $instruction->getProperty(MyInstruction::MYFUNC_CALL);
-
- $className = false;
- if ($myFuncCall->isType(MyFunction::TYPE_FUNC_METHOD) && !is_null($myClass)) {
- $className = $myClass->getName();
- }
-
- $mySource = $context->inputs->getSourceByName($stackClass, $myFuncCall, true, $className, false);
+
+ $mySource = $context->inputs->getSourceByName($myFuncCall, $myClass);
if (!is_null($mySource)) {
- $hasSources = true;
if ($mySource->hasParameters()) {
$nbParams = 0;
while (true) {
@@ -368,21 +297,21 @@ public static function funccallSource($stackClass, $context, $data, $myClass, $i
break;
}
- $defArg = $instruction->getProperty("argdef$nbParams");
-
if ($mySource->isParameter($nbParams + 1)) {
- $defFrom = $defArg->getValueFromDef();
+ $defFrom = $instruction->getProperty("argoriginaldef$nbParams");
if (!is_null($defFrom)) {
$arrayIndex = $mySource->getconditionsParameter($nbParams + 1, MySource::CONDITION_ARRAY);
if (!is_null($arrayIndex)) {
- $trueArrayIndex = array($arrayIndex => false);
- $defFrom->addType(MyDefinition::TYPE_ARRAY);
- $defFrom->setArrayValue($trueArrayIndex);
+ $newArrs = $defFrom->getCurrentState()->getOrCreateDefArrayIndex(
+ $defFrom->getBlockId(),
+ $defFrom,
+ $arrayIndex
+ );
+
+ $myElement = $newArrs[1][0];
+ $myElement->getCurrentState()->setTainted(true);
}
-
- // no expression needed it's a source
- $defFrom->setTainted(true);
}
}
@@ -390,88 +319,46 @@ public static function funccallSource($stackClass, $context, $data, $myClass, $i
}
}
- $exprReturn = $instruction->getProperty(MyInstruction::EXPR);
-
- if ($exprReturn->isAssign()) {
- $defAssign = $exprReturn->getAssignDef();
-
- // sanitizers are deleted
- $defAssign->setSanitized(false);
- $defAssign->setTypeSanitized([]);
- $defAssign->setCast(MyDefinition::CAST_NOT_SAFE);
-
- $myDef = new MyDefinition(
- $myFuncCall->getLine(),
- $myFuncCall->getColumn(),
- $myFuncCall->getName()."_return"
+ $myDef = $virtualReturnDef;
+
+ // sanitizers are deleted
+ $myDef->getCurrentState()->setSanitized(false);
+ $myDef->getCurrentState()->setTypeSanitized([]);
+ $myDef->getCurrentState()->setCast(MyDefinition::CAST_NOT_SAFE);
+ //$myDef->getCurrentState()->setTainted(true);
+ // no need to taintedbyexpr because it's source like _GET
+
+ if ($mySource->getIsObject()) {
+ $myDef->getCurrentState()->addType(MyDefinition::TYPE_INSTANCE);
+ $myDef->getCurrentState()->addType(MyDefinition::ALL_PROPERTIES_TAINTED);
+
+ $myDef->setClassName($myFuncCall->getName()."_built-in-class");
+ HelpersAnalysis::createObject($context, $myDef);
+ } elseif ($mySource->getIsArrayOfArrays()) {
+ $myDef->getCurrentState()->addType(MyDefinition::TYPE_ARRAY_ARRAY);
+ $myDef->getCurrentState()->addType(MyDefinition::ALL_ARRAY_ELEMENTS_TAINTED);
+ } elseif ($mySource->getIsArrayOfObjects()) {
+ $myDef->getCurrentState()->addType(MyDefinition::TYPE_ARRAY);
+ $myDef->getCurrentState()->addType(MyDefinition::TYPE_INSTANCE);
+ $myDef->getCurrentState()->addType(MyDefinition::ALL_PROPERTIES_TAINTED);
+
+ $myDef->setClassName($myFuncCall->getName()."_built-in-class");
+ HelpersAnalysis::createObject($context, $myDef);
+ } elseif ($mySource->getIsArray()) {
+ $myDef->getCurrentState()->addType(MyDefinition::TYPE_ARRAY);
+ $myDef->getCurrentState()->addType(MyDefinition::ALL_ARRAY_ELEMENTS_TAINTED);
+ } elseif ($mySource->getIsReturnArray()) {
+ $newArrs = $myDef->getCurrentState()->getOrCreateDefArrayIndex(
+ $myDef->getBlockId(),
+ $myDef,
+ $mySource->getReturnArrayValue()
);
- $myDef->setSourceMyFile($defAssign->getSourceMyFile());
- $myDef->setTainted(true);
- // no need to taintedbyexpr because it's source like _GET
-
- if ($mySource->getIsObject()) {
- $defAssign->addType(MyDefinition::TYPE_INSTANCE);
- $defAssign->property->addProperty("PROGPILOT_ALL_PROPERTIES_TAINTED");
-
- $defAssign->setTaintedByExpr($exprReturn);
- $defAssign->setExpr($exprReturn);
-
- $exprReturn->addDef($defAssign);
- } elseif ($mySource->getIsArray()) {
- $defAssign->setArrayValue("PROGPILOT_ALL_INDEX_TAINTED");
- // we don't add type of TYPE_ARRAY because is a virtual array
- // $row = mysqli_fetch_row
- // echo $row[0]
- // we don't want row as an array because it's value is constance PROGPILOT_ALL_INDEX_TAINTED
- // which doesn't mean anything for the user
- //$defAssign->addType(MyDefinition::TYPE_ARRAY);
-
- $defAssign->setTaintedByExpr($exprReturn);
- $defAssign->setExpr($exprReturn);
-
- $exprReturn->addDef($defAssign);
- } elseif ($mySource->getIsReturnArray() && $arrFuncCall === false) {
- $valueArray = array($mySource->getReturnArrayValue() => false);
-
- $defAssign->addCopyArray($valueArray, $myDef);
- $defAssign->addType(MyDefinition::TYPE_COPY_ARRAY);
-
- $exprReturn->addDef($myDef);
- $myDef->setExpr($exprReturn);
- } elseif ($mySource->getIsReturnArray()) {
- $valueArray = array($mySource->getReturnArrayValue() => false);
-
- if ($arrFuncCall === $valueArray) {
- $exprReturn->addDef($myDef);
- $myDef->setExpr($exprReturn);
-
- if ($exprReturn->isAssign()) {
- if (ResolveDefs::getVisibilityFromInstances($context, $data, $defAssign)) {
- ValueAnalysis::copyValues($myDef, $defAssign);
- TaintAnalysis::setTainted($myDef->isTainted(), $defAssign, $exprReturn);
- }
- }
- }
- } elseif (!$mySource->getIsReturnArray()) {
- $exprReturn->addDef($myDef);
- if ($exprReturn->isAssign()) {
- if (ResolveDefs::getVisibilityFromInstances($context, $data, $defAssign)) {
- ValueAnalysis::copyValues($myDef, $defAssign);
- TaintAnalysis::setTainted($myDef->isTainted(), $defAssign, $exprReturn);
- }
- }
- }
- }
- }
-
- return $hasSources;
- }
- public static function setTainted($tainted, $defAssign, $expr)
- {
- if ($tainted) {
- $defAssign->setTainted(true);
- $defAssign->setTaintedByExpr($expr);
+ $myElement = $newArrs[1][0];
+ $myElement->getCurrentState()->setTainted(true);
+ } elseif (!$mySource->getIsReturnArray()) {
+ $myDef->getCurrentState()->setTainted(true);
+ }
}
}
}
diff --git a/package/src/progpilot/Analysis/TwigAnalysis.php b/package/src/progpilot/Analysis/TwigAnalysis.php
index 7304d51f..a97a93bd 100644
--- a/package/src/progpilot/Analysis/TwigAnalysis.php
+++ b/package/src/progpilot/Analysis/TwigAnalysis.php
@@ -34,7 +34,7 @@ public static function funccall($context, $myFuncCall, $instruction)
$template = $instruction->getProperty("argdef0");
$variable = $instruction->getProperty("argdef1");
- $file = $path."/".$template->getLastKnownValues()[0];
+ $file = $path.DIRECTORY_SEPARATOR.$template->getLastKnownValues()[0];
$myJavascriptFile = new MyFile($file, $myFuncCall->getLine(), $myFuncCall->getColumn());
if (file_exists($file)) {
@@ -47,8 +47,13 @@ public static function funccall($context, $myFuncCall, $instruction)
$arrIndex = "{{".key($arr)."}}";
- $myDef = new MyDefinition($def->getLine(), $def->getColumn(), $arrIndex);
- $myDef->setSourceMyFile($myJavascriptFile);
+ $myDef = new MyDefinition(
+ $context->getCurrentBlock()->getId(),
+ $context->getCurrentMyFile(),
+ $def->getLine(),
+ $def->getColumn(),
+ $arrIndex
+ );
if ($def->isTainted()) {
$myDef->setTainted(true);
diff --git a/package/src/progpilot/Analysis/ValueAnalysis.php b/package/src/progpilot/Analysis/ValueAnalysis.php
deleted file mode 100644
index 4fad6bf6..00000000
--- a/package/src/progpilot/Analysis/ValueAnalysis.php
+++ /dev/null
@@ -1,206 +0,0 @@
-getLastKnownValues()
- // value = "id_temp1"."id_temp2"."id_temp3";
- foreach ($knownValues as $idTemp => $defsKnownValues) { // 1
- // def
- // "id_temp1"
- $defValues = [];
- foreach ($defsKnownValues as $defKnownValues) { // 2
- // def->getLastKnownValues()
- // "def_id_temp1"
- foreach ($defKnownValues as $defKnownValue) {
- if (Common::validLastKnownValue($defKnownValue)
- && !in_array($defKnownValue, $defValues, true)) {
- $defValues[] = $defKnownValue;
- }
- }
- }
-
- if (count($finalDefValues) === 0) {
- $finalDefValues = $defValues;
- } else {
- $newFinalDefValues = [];
-
- foreach ($finalDefValues as $finalDefValue) {
- foreach ($defValues as $defValue) {
- $newValue = $finalDefValue.$defValue;
- if (Common::validLastKnownValue($defKnownValue)
- && !in_array($newValue, $newFinalDefValues, true)) {
- $newFinalDefValues[] = $newValue;
- }
- }
- }
-
- $finalDefValues = $newFinalDefValues;
- }
- }
-
- foreach ($finalDefValues as $finalDefValue) {
- $defAssign->addLastKnownValue($finalDefValue);
- }
- }
- }
- }
-
- public static function computeCastValues($defAssign, $expr)
- {
- if (isset(ValueAnalysis::$exprsCast[$expr])) {
- $nbCastSafe = 0;
- $castValues = ValueAnalysis::$exprsCast[$expr];
-
- foreach ($castValues as $castValue) {
- if ($castValue === MyDefinition::CAST_SAFE) {
- $nbCastSafe ++;
- }
- }
-
- if ($nbCastSafe === count($castValues)) {
- $defAssign->setCast(MyDefinition::CAST_SAFE);
- } else {
- $defAssign->setCast(MyDefinition::CAST_NOT_SAFE);
- }
- }
- }
-
- public static function computeEmbeddedChars($defAssign, $expr)
- {
- $concatEmbeddedChars = [];
- foreach ($expr->getDefs() as $def) {
- foreach ($def->getIsEmbeddedByChars() as $embeddedChar => $boolean) {
- $concatEmbeddedChars[] = $embeddedChar;
- }
- }
-
- foreach ($concatEmbeddedChars as $embeddedChar) {
- $embeddedValue = false;
-
- foreach ($expr->getDefs() as $def) {
- $boolean = $def->getIsEmbeddedByChar($embeddedChar);
-
- if ($boolean && $embeddedValue) {
- $embeddedValue = false;
- }
-
- if ($boolean && !$embeddedValue) {
- $embeddedValue = true;
- }
-
- if (!$boolean && $embeddedValue) {
- $embeddedValue = true;
- }
-
- if (!$boolean && !$embeddedValue) {
- $embeddedValue = false;
- }
- }
-
- $defAssign->setIsEmbeddedByChar($embeddedChar, $embeddedValue);
- }
- }
-
- public static function computeSanitizedValues($defAssign, $expr)
- {
- $concatTypesSanitize = [];
- foreach ($expr->getDefs() as $def) {
- if ($def->isSanitized()) {
- foreach ($def->getTypeSanitized() as $typeSanitized) {
- $concatTypesSanitize["$typeSanitized"] = true;
- }
- }
- }
-
- // foreach sanitize types
- foreach ($concatTypesSanitize as $typeSanitized => $booleanTrue) {
- $typeOk = true;
- foreach ($expr->getDefs() as $def) {
- // if we find a tainted value that is not sanitized the defassign is not sanitized
- if (!$def->isTypeSanitized($typeSanitized) && $def->isTainted()) {
- $typeOk = false;
- }
- }
-
- if ($typeOk) {
- $defAssign->setSanitized(true);
- $defAssign->addTypeSanitized($typeSanitized);
- }
- }
- }
-
- public static function copyValues($def, $defAssign)
- {
- $defAssign->setIsEmbeddedByChars($def->getIsEmbeddedByChars(), true);
- $defAssign->setCast($def->getCast());
- $defAssign->setLabel($def->getLabel());
-
- if ($def->getArrayValue() === "PROGPILOT_ALL_INDEX_TAINTED") {
- $defAssign->setArrayValue("PROGPILOT_ALL_INDEX_TAINTED");
- $defAssign->setTaintedByExpr($def->getExpr());
- }
-
- if ($def->property->hasProperty("PROGPILOT_ALL_PROPERTIES_TAINTED")) {
- $defAssign->property->addProperty("PROGPILOT_ALL_PROPERTIES_TAINTED");
- $defAssign->addType(MyDefinition::TYPE_INSTANCE);
- $defAssign->setTaintedByExpr($def->getExpr());
- }
- }
-}
diff --git a/package/src/progpilot/Analysis/VisitorAnalysis.php b/package/src/progpilot/Analysis/VisitorAnalysis.php
index 19b5364a..9a246905 100644
--- a/package/src/progpilot/Analysis/VisitorAnalysis.php
+++ b/package/src/progpilot/Analysis/VisitorAnalysis.php
@@ -10,6 +10,8 @@
namespace progpilot\Analysis;
+use function DeepCopy\deep_copy;
+
use progpilot\Objects\MyFile;
use progpilot\Objects\MyOp;
use progpilot\Objects\ArrayStatic;
@@ -22,6 +24,9 @@
use progpilot\Code\Opcodes;
use progpilot\Code\MyInstruction;
+use progpilot\Helpers\State as HelpersState;
+use progpilot\Helpers\Analysis as HelpersAnalysis;
+
use progpilot\Lang;
use progpilot\Utils;
use progpilot\Analyzer;
@@ -29,9 +34,6 @@
class VisitorAnalysis
{
private $context;
- private $currentStorageMyBlocks;
- private $callStack;
- private $myBlockStack;
private $defs;
private $blocks;
@@ -42,10 +44,6 @@ class VisitorAnalysis
public function __construct()
{
- $this->currentStorageMyBlocks = null;
- $this->callStack = [];
- $this->myBlockStack = [];
-
$this->currentMyFunc = null;
$this->currentContextCall = null;
$this->currentMyBlock = null;
@@ -53,26 +51,21 @@ public function __construct()
$this->defs = null;
$this->blocks = null;
}
-
+
public function funcCall(
- $myCode,
$instruction,
- $code,
- $index,
$funcName,
- $arrFuncCall,
$myFuncCall
) {
$hasSources = false;
-
+
$listMyFunc = [];
+
IncludeAnalysis::funccall(
$this->context,
- $this->defs,
$this->blocks,
- $instruction,
- $code,
- $index
+ $this->defs,
+ $instruction
);
$stackClass = null;
@@ -80,25 +73,28 @@ public function funcCall(
$stackClass = ResolveDefs::funccallClass(
$this->context,
$this->defs->getOutMinusKill($myFuncCall->getBlockId()),
- $myFuncCall
+ $myFuncCall,
+ $instruction
);
- $classOfFuncCallArr = $stackClass[count($stackClass) - 1];
+ $classOfFuncCallArr = $stackClass[0];
+
foreach ($classOfFuncCallArr as $classOfFuncCall) {
$objectId = $classOfFuncCall->getObjectId();
$myClass = $this->context->getObjects()->getMyClassFromObject($objectId);
-
+
if (!is_null($myClass)) {
$visibility = true;
-
$method = $myClass->getMethod($funcName);
+
if (!ResolveDefs::getVisibilityMethod($myFuncCall->getNameInstance(), $method)) {
$method = null;
$visibility = false;
}
if (!is_null($method)) {
- $method->getThisDef()->setObjectId($objectId);
+ // we assign the object of the instance to this->
+ $method->getThisDef()->getCurrentState()->setObjectId($objectId);
}
// twig analysis
@@ -109,40 +105,10 @@ public function funcCall(
}
}
}
-
- $listMyFunc[] = [$objectId, $myClass, $method, $visibility];
-
- $hasSources = TaintAnalysis::funccallSpecifyAnalysis(
- $method,
- $stackClass,
- $this->context,
- $this->defs->getOutMinusKill($myFuncCall->getBlockId()),
- $myClass,
- $myFuncCall,
- $arrFuncCall,
- $instruction,
- $myCode,
- $index
- );
+
+ $listMyFunc[] = [$objectId, $myClass, $method, $visibility, $classOfFuncCall];
}
}
-
- // we didn't resolve any class so the class of method is unknown (undefined)
- // but we authorize to specify method of unknown class during the configuration of sinks ...
- if (count($classOfFuncCallArr) === 0) {
- $hasSources = TaintAnalysis::funccallSpecifyAnalysis(
- null,
- $stackClass,
- $this->context,
- $this->defs->getOutMinusKill($myFuncCall->getBlockId()),
- null,
- $myFuncCall,
- $arrFuncCall,
- $instruction,
- $myCode,
- $index
- );
- }
} elseif ($myFuncCall->isType(MyFunction::TYPE_FUNC_STATIC)) {
$myClassStatic = $this->context->getClasses()->getMyClass(
$myFuncCall->getNameInstance()
@@ -160,69 +126,42 @@ public function funcCall(
$visibility = false;
}
- $listMyFunc[] = [0, $myClassStatic, $method, $visibility];
+ $listMyFunc[] = [0, $myClassStatic, $method, $visibility, null];
+
+ $myDefStatic = new MyDefinition(
+ $this->context->getCurrentBlock()->getId(),
+ $this->context->getCurrentMyFile(),
+ $myFuncCall->getLine(),
+ $myFuncCall->getColumn(),
+ "static"
+ );
- $myDefStatic = new MyDefinition($myFuncCall->getLine(), $myFuncCall->getColumn(), "static");
$idObjectTmp = $this->context->getObjects()->addObject();
- $myDefStatic->setObjectId($idObjectTmp);
+ $myDefStatic->getCurrentState()->setObjectId($idObjectTmp);
$this->context->getObjects()->addMyclassToObject($idObjectTmp, $myClassStatic);
$stackClass[0][0] = $myDefStatic;
-
- $hasSources = TaintAnalysis::funccallSpecifyAnalysis(
- $method,
- $stackClass,
- $this->context,
- $this->defs->getOutMinusKill($myFuncCall->getBlockId()),
- $myClassStatic,
- $myFuncCall,
- $arrFuncCall,
- $instruction,
- $myCode,
- $index
- );
}
} else {
$myFunc = $this->context->getFunctions()->getFunction($funcName);
- $hasSources = TaintAnalysis::funccallSpecifyAnalysis(
- $myFunc,
- null,
- $this->context,
- $this->defs->getOutMinusKill($myFuncCall->getBlockId()),
- null,
- $myFuncCall,
- $arrFuncCall,
- $instruction,
- $myCode,
- $index
- );
-
- $listMyFunc[] = [0, null, $myFunc, true];
+ $listMyFunc[] = [0, null, $myFunc, true, null];
}
-
- \progpilot\Analysis\CustomAnalysis::mustVerifyDefinition(
- $this->context,
- $instruction,
- $myFuncCall,
- $stackClass
- );
foreach ($listMyFunc as $list) {
$objectId = $list[0];
$myClass = $list[1];
$myFunc = $list[2];
$visibility = $list[3];
+ $instance = $list[4];
- ResolveDefs::instanceBuildThis(
+ \progpilot\Analysis\CustomAnalysis::mustVerifyDefinition(
$this->context,
- $this->defs->getOutMinusKill($myFuncCall->getBlockId()),
- $objectId,
- $myClass,
- $myFunc,
- $myFuncCall
+ $instruction,
+ $myFuncCall,
+ $myClass
);
- if (!is_null($myFunc) && !$this->inCallStack($myFunc)) {
+ if (!is_null($myFunc) && !$this->context->inCallStack($myFunc)) {
// the called function is a method and this method exists in the class
if (($myFuncCall->isType(MyFunction::TYPE_FUNC_METHOD)
|| $myFuncCall->isType(MyFunction::TYPE_FUNC_STATIC))
@@ -230,504 +169,1204 @@ public function funcCall(
|| ((!$myFuncCall->isType(MyFunction::TYPE_FUNC_METHOD)
&& !$myFuncCall->isType(MyFunction::TYPE_FUNC_STATIC))
&& !$myFunc->isType(MyFunction::TYPE_FUNC_METHOD))) {
- FuncAnalysis::funccallBefore(
- $this->context,
- $this->defs,
- $myFunc,
- $myFuncCall,
- $instruction,
- $this->context->getClasses()
- );
+ // we don't visit twice function with a long execution time
+ if (HelpersAnalysis::checkIfOneFunctionArgumentIsNew($myFunc, $instruction)
+ || !$myFunc->isVisited()
+ || ($myFunc->isType(MyFunction::TYPE_FUNC_METHOD)
+ && !$myFunc->isType(MyFunction::TYPE_FUNC_STATIC))
+ || $myFunc->hasGlobalVariables()
+ || $myFunc->getName() === "{main}") {
+ // we clean all the param of the function
+ $funcCallBack = "Callbacks::cleanTaintedDef";
+ HelpersAnalysis::forAllDefsOfFunction($funcCallBack, $myFunc);
+
+ $myFunc->cleanOpInformations();
+
+ // we propagate the taint to the params
+ FuncAnalysis::funccallBefore($myFunc, $instruction);
+
+ // we clean all the param of the function
+ // except return defs see functions21.php test case
+ $funcCallBack = "Callbacks::addStateDefAsAPastArgument";
+ HelpersAnalysis::forAllArgumentsOfFunction($funcCallBack, $myFunc, $instruction);
- $myCodefunction = new MyCode;
- $myCodefunction->setCodes($myFunc->getMyCode()->getCodes());
- $myCodefunction->setStart(0);
- $myCodefunction->setEnd(count($myFunc->getMyCode()->getCodes()));
-
- $this->analyze($myCodefunction, $myFuncCall);
+ $myFunc->setIsVisited(true);
+ $myFunc->reset();
+
+ $myCodefunction = new MyCode;
+ $myCodefunction->setCodes($myFunc->getMyCode()->getCodes());
+ $myCodefunction->setStart(0);
+ $myCodefunction->setEnd(count($myFunc->getMyCode()->getCodes()));
+
+ $this->analyzeFunc($myFunc, $myFuncCall);
+
+ if ($myFunc->hasGlobalVariables()) {
+ // we don't want to visit it a second time, it's an approximation for performance
+ $myFunc->setHasGlobalVariables(false);
+
+ foreach ($myFunc->getReturnDefs() as $returnDef) {
+ $returnDefCopy = deep_copy($returnDef);
+ $myFunc->addInitialReturnDef($returnDefCopy);
+ }
+ }
+ } else {
+ $funcCallBack = "Callbacks::addAttributesOfInitialReturnDefs";
+ HelpersAnalysis::forAllReturnDefsOfFunction($funcCallBack, $myFunc);
+ }
}
}
-
- if (!$hasSources) {
- FuncAnalysis::funccallAfter(
- $this->context,
- $this->defs->getOutMinusKill($myFuncCall->getBlockId()),
- $myFuncCall,
- $myFunc,
- $arrFuncCall,
- $instruction,
- $code[$index + 3]
- );
- }
+
+ FuncAnalysis::funccallAfter(
+ $myFunc,
+ $this->context,
+ $myClass,
+ $myFuncCall,
+ $instruction
+ );
$classOfFuncCall = null;
if (is_null($myFunc)) {
- ResolveDefs::funccallReturnValues(
- $this->context,
- $myFuncCall,
- $instruction,
- $myCode,
- $index
- );
-
// representations start
- $this->context->outputs->callgraph->addFuncCall(
+ $this->context->outputs->callgraphAddFuncCall(
+ $this->currentMyFunc,
$this->currentMyBlock,
$myFuncCall,
$myClass
);
// representations end
} else {
- $classOfFuncCall = $myFunc->getMyClass();
-
// representations start
foreach ($myFunc->getBlocks() as $myBlock) {
- $this->context->outputs->callgraph->addChild(
+ $this->context->outputs->callgraphAddChild(
+ $this->currentMyFunc,
$this->currentMyBlock,
$myBlock
);
- $this->context->outputs->cfg->addEdge(
+ $this->context->outputs->cfgAddEdge(
+ $this->currentMyFunc,
$this->currentMyBlock,
$myBlock
);
break;
}
- $this->context->outputs->callgraph->addFuncCall(
+ $this->context->outputs->callgraphAddFuncCall(
+ $this->currentMyFunc,
$this->currentMyBlock,
$myFuncCall,
$myClass
);
// representations end
}
+ }
+ }
- ResolveDefs::instanceBuildBack(
- $this->context,
- $this->defs->getOutMinusKill($myFuncCall->getBlockId()),
- $myFunc,
- $myClass,
- $myFuncCall,
- $visibility
- );
-
- $hasSources = TaintAnalysis::funccallSpecifyAnalysis(
- $myFunc,
- $stackClass,
- $this->context,
- $this->defs->getOutMinusKill($myFuncCall->getBlockId()),
- $classOfFuncCall,
- $myFuncCall,
- $arrFuncCall,
- $instruction,
- $myCode,
- $index
- );
+ public function getMyblock($context)
+ {
+ $this->context = $context;
+ }
+
+ public function setContext($context)
+ {
+ $this->context = $context;
+ }
+
+ public function fetchVariable($variable)
+ {
+ $defsFound = ResolveDefs::selectDefinitions(
+ $this->context,
+ $this->defs->getOutMinusKill($this->currentMyBlock->getId()),
+ $variable
+ );
+
+ $newDefFounds = [];
+ foreach ($defsFound as $defFound) {
+ $newDefFounds[] = $defFound;
}
+
+ return $newDefFounds;
}
- public function inCallStack($curFunc)
+ public function analyzeFunc($myFunc, $myFuncCalled = null)
{
- foreach ($this->callStack as $call) {
- $callFunc = $call[0];
+ if (HelpersAnalysis::checkIfTimeExecutionIsAcceptable($this->context, $myFunc)) {
+ $this->context->outputs->createRepresentationsForFunction($myFunc);
+
+ $startTime = microtime(true);
+
+ $this->currentContextCall = new \stdClass;
+ $this->currentContextCall->func_called = $myFuncCalled;
+ $this->currentContextCall->func_callee = $this->currentMyFunc;
+
+ $this->currentMyFunc = $myFunc;
+ $this->context->setCurrentFunc($this->currentMyFunc);
+
+ $this->defs = $this->currentMyFunc->getDefs();
+ $this->blocks = $this->currentMyFunc->getBlocks();
- if ($callFunc->getName() === $curFunc->getName()
- && !$callFunc->isType(MyFunction::TYPE_FUNC_METHOD)
- && !$curFunc->isType(MyFunction::TYPE_FUNC_METHOD)) {
- return true;
+ $val = [$this->currentMyFunc,
+ $this->blocks,
+ $this->defs,
+ $this->currentContextCall];
+
+ $this->context->pushToCallStack($val);
+
+ // for the properties data flow
+ $firstBlockIdCalled = $this->currentMyFunc->getFirstBlockId();
+ $firstMyBlockCalled = $this->currentMyFunc->getBlockById($firstBlockIdCalled);
+ $blockOfCallee = $this->currentMyBlock;
+
+ if (!is_null($firstMyBlockCalled)
+ && !is_null($blockOfCallee)) {
+ $firstMyBlockCalled->setVirtualParents([$blockOfCallee]);
+ $firstMyBlockCalled->setNeedUpdateOfState(true);
}
- if ($callFunc->getName() === $curFunc->getName()
- && $callFunc->isType(MyFunction::TYPE_FUNC_METHOD)
- && $curFunc->isType(MyFunction::TYPE_FUNC_METHOD)) {
- $curClass = $curFunc->getMyClass();
- $callClass = $callFunc->getMyClass();
- if ($curClass->getName() === $callClass->getName()) {
- return true;
+ if ($this->currentMyFunc->isType(MyFunction::TYPE_FUNC_METHOD)) {
+ $myClass = $this->currentMyFunc->getMyClass();
+ if (!is_null($myClass)) {
+ $constructor = $myClass->getMethod("__construct");
+ if (!is_null($constructor)) {
+ $lastBlockIdConstuctor = $constructor->getFirstBlockId();
+ $lastMyBlockConstuctor = $constructor->getBlockById($lastBlockIdConstuctor);
+
+ if (!is_null($firstMyBlockCalled)
+ && !is_null($lastMyBlockConstuctor)) {
+ $firstMyBlockCalled->addVirtualParent($lastMyBlockConstuctor);
+ }
+ }
+
+ $thisDef = $this->currentMyFunc->getThisDef();
+ if ($thisDef->getCurrentState()->getObjectId() === -1) {
+ // we enter in a method with no instance
+ // to analyze frameworks (see frameworks/codeigniter1.php)
+ // we need a default "this"
+ $idObject = $this->context->getObjects()->addObject();
+ $thisDef->getCurrentState()->setObjectId($idObject);
+ $myClass = clone $myClass;
+
+ $this->context->getObjects()->addMyclassToObject($idObject, $myClass);
+ }
}
}
- }
+ // end
- return false;
- }
+ $this->currentMyFunc->setStartExecutionTime(microtime(true));
+ $this->currentMyFunc->setNbExecutions($this->currentMyFunc->getNbExecutions() + 1);
- public function getMyblock($context)
- {
- $this->context = $context;
+ $error = false;
+ foreach ($myFunc->getBlocks() as $myBlock) {
+ if (!$this->analyzeblock($myFunc, $myBlock)) {
+ $error = true;
+ break;
+ }
+ }
+
+ foreach ($myFunc->getBlocks() as $myBlock) {
+ $myBlock->setHasBeenAnalyzed(false);
+ }
+
+ $diffTime = microtime(true) - $myFunc->getStartExecutionTime();
+ $myFunc->setLastExecutionTime($diffTime);
+
+ if ($myFunc->getName() === "{main}") {
+ // free memory
+ unset($myFunc);
+ return;
+ }
+
+ $this->context->popFromCallStack();
+
+ $callStack = $this->context->getCallStack();
+ if (!empty($callStack)) {
+ $lastElement = $callStack[count($callStack) -1];
+
+ $this->currentContextCall = $lastElement[3];
+ $this->defs = $lastElement[2];
+ $this->blocks = $lastElement[1];
+ $this->currentMyFunc = $lastElement[0];
+ $this->context->setCurrentFunc($this->currentMyFunc);
+
+
+ $this->currentMyBlock = $blockOfCallee;
+ $this->context->setCurrentBlock($this->currentMyBlock);
+
+ // for the states data flow
+ $lastBlockIdsCalled = $myFunc->getLastBlockIds();
+ foreach ($lastBlockIdsCalled as $lastBlockIdCalled) {
+ $lastMyBlockCalled = $myFunc->getBlockById($lastBlockIdCalled);
+ // "leave block" has popped the callee block normally
+ $blockOfCallee = $this->currentMyBlock;
+
+ if (!is_null($lastMyBlockCalled) && !is_null($blockOfCallee)) {
+ // we add a new parent and remove the old parents
+ // because the new parent kill the others
+ // see oop/simple13.php
+ $blockOfCallee->setVirtualParents([$lastMyBlockCalled]);
+ $blockOfCallee->setNeedUpdateOfState(true);
+ }
+ }
+
+ $returnDefs = $myFunc->getReturnDefs();
+ foreach ($returnDefs as $returnDef) {
+ $state = $returnDef->getCurrentState();
+ $currentBlockId = $this->context->getCurrentBlock()->getId();
+ $returnDef->assignStateToBlockId($state->getId(), $currentBlockId);
+ }
+
+ // we enter in a new block this "it's a blockswitching" and we need to update states
+ // of the previous function we just left
+ HelpersState::blockSwitching($this->context, $myFunc);
+ // end
+ }
+
+ // memory could has been released
+ if (!$error) {
+ $tmpCallgraph = $this->context->outputs->callgraph[$myFunc->getId()];
+ $tmpCallgraph->computeCallGraph();
+ \progpilot\Analysis\CustomAnalysis::mustVerifyCallFlow($this->context, $tmpCallgraph);
+ }
+ }
}
- public function setContext($context)
+
+ public function analyzeblock($myFunc, $myBlock, $blockStack = [])
{
- $this->context = $context;
+ $myBlock->setHasBeenAnalyzed(false);
+
+ $myFunc->getMyCode()->setStart($myBlock->getStartAddressBlock());
+ $myFunc->getMyCode()->setEnd($myBlock->getEndAddressBlock());
+
+ return $this->analyzecode($myFunc->getMyCode(), $blockStack, true);
}
- public function analyze($myCode, $myFuncCalled = null)
+ public function analyzecode($myCode, $blockStack, $fromParent = false)
{
$startTime = microtime(true);
$index = $myCode->getStart();
$code = $myCode->getCodes();
-
- if ($this->context->getCurrentNbDefs() > $this->context->getLimitDefs()) {
- Utils::printWarning($this->context, Lang::MAX_DEFS_EXCEEDED);
- return;
- }
+ $originalFlow = [];
do {
if (isset($code[$index])) {
$instruction = $code[$index];
-
- if ((microtime(true) - $startTime) > $this->context->getLimitTime()) {
+
+ if ((microtime(true) - $startTime) > $this->context->getMaxFileAnalysisDuration()) {
Utils::printWarning($this->context, Lang::MAX_TIME_EXCEEDED);
- return;
+ return false;
}
- switch ($instruction->getOpcode()) {
- case Opcodes::ENTER_BLOCK:
- $myBlock = $instruction->getProperty(MyInstruction::MYBLOCK);
+ if (HelpersAnalysis::checkCallStackReachMaxTime($this->context)) {
+ Utils::printWarning($this->context, Lang::MAX_TIME_EXCEEDED);
+ return false;
+ }
- if ($this->currentStorageMyBlocks->contains($myBlock)) {
- array_pop($this->myBlockStack);
+ if (memory_get_usage() > ($this->context->getMaxMemory() / 2)) {
+ Utils::printWarning($this->context, Lang::MAX_MEMORY_EXCEEDED);
+ $this->context->resetDataflow();
+ $this->context->outputs->resetRepresentationsForAllFunctions();
+ return false;
+ }
- if (count($this->myBlockStack) > 0) {
- $this->currentMyBlock = $this->myBlockStack[count($this->myBlockStack) - 1];
- }
+ $ret = $this->context->getCurrentFunc()->getNbsOpInformations();
+ if ($ret > 1000) {
+ $this->context->getCurrentFunc()->cleanOpInformations();
+ return false;
+ }
+
+ // needed to have a proper opinformation eachtime:
+ $opInformation["chained_results"] = [];
+ if ($instruction->getOpcode() !== Opcodes::ARRAYDIM_FETCH
+ && $instruction->getOpcode() !== Opcodes::PROPERTY_FETCH) {
+ $originalFlow = [];
+ }
+
+ switch ($instruction->getOpcode()) {
+ case Opcodes::ENTER_BLOCK:
+ $myBlock = $instruction->getProperty(MyInstruction::MYBLOCK);
+ if ($myBlock->hasBeenAnalyzed() || !$fromParent) {
$index = $myBlock->getEndAddressBlock();
break;
}
- $this->currentMyBlock = $myBlock;
-
- array_push($this->myBlockStack, $this->currentMyBlock);
-
- $this->currentStorageMyBlocks->attach($myBlock);
-
-
// we remove this parent because it's a loop while(block1) block2
// and block1 must be analysis before block2
- if (!$myBlock->getIsLoop()) {
- foreach ($myBlock->parents as $blockParent) {
+ array_push($blockStack, $myBlock->getId());
+
+ foreach ($myBlock->parents as $blockParent) {
+ // if not in the stack (it's not a loop)
+ if ($blockParent->getId() !== $myBlock->getId()
+ && !$myBlock->isLoopParent($blockParent)
+ && !$blockParent->hasBeenAnalyzed()
+ && !in_array($blockParent->getId(), $blockStack, true)) {
$addrStart = $blockParent->getStartAddressBlock();
$addrEnd = $blockParent->getEndAddressBlock();
-
- if (!$this->currentStorageMyBlocks->contains($blockParent)) {
- $oldIndexStart = $myCode->getStart();
- $oldIndexEnd = $myCode->getEnd();
- $myCode->setStart($addrStart);
- $myCode->setEnd($addrEnd);
+ $oldIndexStart = $myCode->getStart();
+ $oldIndexEnd = $myCode->getEnd();
- $this->analyze($myCode);
+ $myCode->setStart($addrStart);
+ $myCode->setEnd($addrEnd);
- $myCode->setStart($oldIndexStart);
- $myCode->setEnd($oldIndexEnd);
- }
+ $this->analyzecode($myCode, $blockStack, $fromParent);
+
+ $myCode->setStart($oldIndexStart);
+ $myCode->setEnd($oldIndexEnd);
}
}
+
+ $fromParent = false;
+ $this->currentMyBlock = $myBlock;
+ $this->context->setCurrentBlock($myBlock);
+
+ // we enter in a new block this "it's a blockswitching" and we need to update states
+ $myBlock->setHasBeenAnalyzed(true);
+ $myBlock->setNeedUpdateOfState(true);
+
+ HelpersState::blockSwitching($this->context, $this->currentMyFunc);
break;
case Opcodes::LEAVE_BLOCK:
- array_pop($this->myBlockStack);
+ $myBlock = $instruction->getProperty(MyInstruction::MYBLOCK);
+ array_pop($blockStack);
- if (count($this->myBlockStack) > 0) {
- $this->currentMyBlock = $this->myBlockStack[count($this->myBlockStack) - 1];
+ if (!empty($blockStack)) {
+ $this->currentMyBlock = $blockStack[count($blockStack) - 1];
+ $this->context->setCurrentBlock($this->currentMyBlock);
}
+ // a block can "now" be visited twice (loops), so we put virtual parents added when visiting
+ // functions for instance to the original one
+ $myBlock->setVirtualParents($myBlock->getParents());
+
break;
+
+ case Opcodes::CONCAT_LEFT:
+ $leftid = $instruction->getProperty(MyInstruction::LEFTID);
+ $rightids = $instruction->getProperty(MyInstruction::RIGHTID);
+ $resultid = $instruction->getProperty(MyInstruction::RESULTID);
+
+ $chars = ["'", "<", ">"];
- case Opcodes::LEAVE_FUNCTION:
- $myFunc = $instruction->getProperty(MyInstruction::MYFUNC);
+ $leftOpInformation = $this->context->getCurrentFunc()->getOpInformation($leftid);
- if ($myFunc->getName() === "{main}") {
- return;
+ $opInformation = [];
+ $opInformation["chained_results"] = [];
+ $vars["chained_results"] = [];
+
+ $lastNbChars = HelpersAnalysis::getNbChars("", $chars);
+
+ $leftValues = [];
+ if (isset($leftOpInformation["chained_results"])) {
+ foreach ($leftOpInformation["chained_results"] as $chainedResult) {
+ if (!is_null($chainedResult->getCurrentState())) {
+ $curLastKnownValues = $chainedResult->getCurrentState()->getLastKnownValues();
+ foreach ($curLastKnownValues as $curLastKnownValue) {
+ $leftValues[] = $curLastKnownValue;
+ }
+
+ if (isset($curLastKnownValues[0])) {
+ HelpersAnalysis::updateNbChars($lastNbChars, $curLastKnownValues[0], $chars);
+ }
+
+ if (!in_array($chainedResult, $vars["chained_results"], true)
+ && count($vars["chained_results"]) < 20) {
+ $vars["chained_results"][] = $chainedResult;
+ }
+ }
+ }
}
+
+ $rightValuesSets = [];
+ foreach ($rightids as $rightid) {
+ $rightOpInformation = $this->context->getCurrentFunc()->getOpInformation($rightid);
+ $rightValuesSet = [];
+ if (isset($rightOpInformation["chained_results"])
+ && !empty($rightOpInformation["chained_results"])) {
+ foreach ($rightOpInformation["chained_results"] as $chainedResult) {
+ $curLastKnownValues = $chainedResult->getCurrentState()->getLastKnownValues();
+ $rightValuesSet[] = $curLastKnownValues;
+ $chainedResult->getCurrentState()->updateIsEmbeddedByChars($lastNbChars);
+
+ if (isset($curLastKnownValues[0])) {
+ HelpersAnalysis::updateNbChars($lastNbChars, $curLastKnownValues[0], $chars);
+ }
+
+ if (!in_array($chainedResult, $vars["chained_results"], true)
+ && count($vars["chained_results"]) < 20) {
+ $vars["chained_results"][] = $chainedResult;
+ }
+ }
+ } else {
+ $rightValuesSet[] = "";
+ }
- $val = array_pop($this->callStack);
+ $rightValuesSets[] = $rightValuesSet;
+ }
- $this->currentContextCall = $val[4];
- $this->currentStorageMyBlocks = $val[3];
- $this->defs = $val[2];
- $this->blocks = $val[1];
-
- break;
-
+ if (empty($leftValues)) {
+ $leftValues = [];
+ $leftValues[] = "";
+ }
- case Opcodes::ENTER_FUNCTION:
- $this->currentContextCall = new \stdClass;
- $this->currentContextCall->func_called = $myFuncCalled;
- $this->currentContextCall->func_callee = $this->currentMyFunc;
+ $i = 1;
+ $possibleRightsParts = [];
+ $possibleRightsParts[0] = $leftValues;
+ foreach ($rightValuesSets as $rightValueSet) {
+ $possibleRightsParts[$i] = [];
- $this->currentMyFunc = $instruction->getProperty(MyInstruction::MYFUNC);
- $this->context->setCurrentFunc($this->currentMyFunc);
+ foreach ($rightValueSet as $rightValues) {
+ if (empty($rightValues)) {
+ $possibleRightsParts[$i][] = "";
+ } else {
+ foreach ($rightValues as $rightValue) {
+ // $i = 0
+ // [0][0] = ./dvwa/
+ // [0][1] = ./folder/
+
+ // $i = 1
+ // [1][0] = mid
+
+ // $i = 2
+ // [2][0] = low.php
+ // [2][1] = medium.php
+ $possibleRightsParts[$i][] = $rightValue;
+ }
+ }
+ }
- $val = [
- $this->currentMyFunc,
- $this->blocks,
- $this->defs,
- $this->currentStorageMyBlocks,
- $this->currentContextCall];
- array_push($this->callStack, $val);
+ $i ++;
+ }
- $this->currentStorageMyBlocks = new \SplObjectStorage;
- $this->defs = $this->currentMyFunc->getDefs();
- $this->blocks = $this->currentMyFunc->getBlocks();
+ /*
+ big approximation
+ we took only the first value of the left parts
+ ./dvwa/mid/low.php
+ ./dvwa/mid/medium.php
+ */
+
+ $concats = [];
+ $lastPart = count($possibleRightsParts) - 1;
+ foreach ($possibleRightsParts[$lastPart] as $lastRightPart) {
+ $stringConcat = "";
+ for ($i = 0; $i < ($lastPart); $i ++) {
+ $stringConcat .= $possibleRightsParts[$i][0];
+ }
- break;
-
+ $stringConcat .= $lastRightPart;
+ $concats[] = $stringConcat;
+ }
+
+ $myTemp = new MyDefinition(
+ $this->context->getCurrentBlock()->getId(),
+ $this->context->getCurrentMyFile(),
+ $this->context->getCurrentLine(),
+ $this->context->getCurrentColumn(),
+ "built-in-concatenation"
+ );
+
+ $mergedState = HelpersState::mergeDefsBlockIdStates(
+ $vars["chained_results"],
+ $concats,
+ $this->context->getCurrentBlock()
+ );
+
+ $myTemp->addState($mergedState);
+ $currentBlockId = $this->context->getCurrentBlock()->getId();
+ $myTemp->assignStateToBlockId($mergedState->getId(), $currentBlockId);
+
+ $opInformation["chained_results"][] = $myTemp;
+
+ //$this->context->getCurrentFunc()->cleanOpInformation($leftid);
+ foreach ($rightids as $rightid) {
+ $this->context->getCurrentFunc()->cleanOpInformation($rightid);
+ }
+
+ $this->context->getCurrentFunc()->storeOpInformation($resultid, $opInformation);
- case Opcodes::DEFINITION:
- $myDef = $instruction->getProperty(MyInstruction::DEF);
break;
-
- case Opcodes::END_EXPRESSION:
- $expr = $instruction->getProperty(MyInstruction::EXPR);
+ case Opcodes::ARRAYDIM_FETCH:
+ $arrayDim = $instruction->getProperty(MyInstruction::ARRAY_DIM);
+ $originalDef = $instruction->getProperty(MyInstruction::ORIGINAL_DEF);
+
+ $varid = $instruction->getProperty(MyInstruction::VARID);
+ $resultid = $instruction->getProperty(MyInstruction::RESULTID);
+
+ $opInformation = [];
+ $opInformation["chained_results"] = [];
+ $opInformation["array_dim"] = $arrayDim;
+
+ // beginning of the chain: $originalDef[0][1]
+ if (!is_null($originalDef)) {
+ $originalFlow = [];
+ $originalFlow[] = $originalDef;
+ $originalFlow[] = "[";
+ $originalFlow[] = $arrayDim;
+ $originalFlow[] = "]";
+
+ if ($originalDef->getName() === "GLOBALS") {
+ $globalDef = new MyDefinition(
+ $this->context->getCurrentBlock()->getId(),
+ $this->context->getCurrentMyFile(),
+ $originalDef->getLine(),
+ $originalDef->getColumn(),
+ $arrayDim
+ );
+
+ $defGlobals = ResolveDefs::selectGlobals($this->context, $globalDef);
+ foreach ($defGlobals as $defGlobal) {
+ $opInformation["chained_results"][] = $defGlobal;
+ }
+ } else {
+ // we get the last definitions
+ $defsFound = ResolveDefs::selectArrays(
+ $this->context,
+ $this->defs->getOutMinusKill($this->currentMyBlock->getId()),
+ $originalDef,
+ $arrayDim
+ );
+
+ foreach ($defsFound as $defFound) {
+ // the element has just been created and right side (!expr)
+ if ($defFound[0]) {
+ if (HelpersAnalysis::isASource(
+ $this->context,
+ $originalDef,
+ null,
+ $arrayDim
+ )) {
+ foreach ($defFound[1] as $delEle) {
+ $delEle->getCurrentState()->setTainted(true);
+ }
+ }
+ }
+
+ // just for the flow
+ foreach ($defFound[1] as $delEle) {
+ $delEle->original->setDef($originalFlow);
+ $delEle->original->setArrayIndexAccessor($arrayDim);
+ $opInformation["chained_results"][] = $delEle;
+ }
+ }
+
+ // could be a built-in array/source
+ if (empty($defsFound)) {
+ // right side
+ if (HelpersAnalysis::isASource($this->context, $originalDef, null, $arrayDim)) {
+ $originalDef->getCurrentState()->setTainted(true);
+ // just for the flow
+ $originalDef->original->setDef($originalFlow);
+ $originalDef->original->setArrayIndexAccessor($arrayDim);
- if ($expr->isAssign()) {
- $defAssign = $expr->getAssignDef();
+ $opInformation["chained_results"][] = $originalDef;
+ }
+ }
+ }
- /*
- * we have all the resolved defs so maybe when we have two def for one tempdef
- * that could lead to abuse the compute of embedded chars for example
- * but it's not because all def have the same name (they have been resolved)
- * and so same embedded char of tempdef
- */
+ $opInformation["original_def"] = $originalDef;
- ValueAnalysis::computeSanitizedValues($defAssign, $expr);
- ValueAnalysis::computeEmbeddedChars($defAssign, $expr);
- ValueAnalysis::computeCastValues($defAssign, $expr);
- ValueAnalysis::computeKnownValues($defAssign, $expr);
+ $this->context->getCurrentFunc()->storeOpInformation($resultid, $opInformation);
+ } else {
+ // we are in the middle of the chain thus we can access the previous chained object
+ $previousOpInformation = $this->context->getCurrentFunc()->getOpInformation($varid);
+
+ if (isset($previousOpInformation["chained_results"])) {
+ foreach ($previousOpInformation["chained_results"] as $previousChainedResult) {
+ $state = $previousChainedResult->getState($this->currentMyBlock->getId());
+ if (!is_null($state)) {
+ $newArrs = $state->getOrCreateDefArrayIndex(
+ $this->currentMyBlock->getId(),
+ $previousChainedResult,
+ $arrayDim
+ )[1];
+
+ $previousToSlice = 3;
+ if (str_ends_with($previousChainedResult->getName(), "_return")) {
+ $previousToSlice = 4;
+ $originalFlow[] = $previousChainedResult;
+ }
+ $originalFlow[] = "[";
+ $originalFlow[] = $arrayDim;
+ $originalFlow[] = "]";
+
+ foreach ($newArrs as $newArr) {
+ // just for the flow
+ $newArr->original->setDef($originalFlow);
+ $opInformation["chained_results"][] = $newArr;
+ }
+
+ if (count($previousOpInformation["chained_results"]) > 1) {
+ $endEle = count($originalFlow) - $previousToSlice;
+ $originalFlow = array_slice($originalFlow, 0, $endEle);
+ }
+ }
+ }
+ }
+
+ if (isset($previousOpInformation["original_def"])) {
+ $opInformation["original_def"] = $previousOpInformation["original_def"];
+ }
+
+ $this->context->getCurrentFunc()->storeOpInformation($resultid, $opInformation);
}
+ $this->context->getCurrentFunc()->cleanOpInformation($varid);
+
break;
+ case Opcodes::STATIC_PROPERTY_FETCH:
+ $propertyName = $instruction->getProperty(MyInstruction::PROPERTY_NAME);
+ $originalDef = $instruction->getProperty(MyInstruction::ORIGINAL_DEF);
+
+ $varid = $instruction->getProperty(MyInstruction::VARID);
+ $resultid = $instruction->getProperty(MyInstruction::RESULTID);
+
+ // beginning of the chain: $originalDef->foo->bar
+ if (!is_null($originalDef)) {
+ $originalFlow = [];
+ $originalFlow[] = $originalDef;
+ $originalFlow[] = "::";
+ $originalFlow[] = $propertyName;
+
+ $originalDef->setId(0);
+ $defFound = ResolveDefs::selectStaticProperties(
+ $this->context,
+ $originalDef,
+ $propertyName
+ );
- case Opcodes::TEMPORARY:
- $listOfMyTemp = [];
- if ($instruction->isPropertyExist(MyInstruction::PHI)) {
- for ($i = 0; $i < $instruction->getProperty(MyInstruction::PHI); $i++) {
- $listOfMyTemp[] = $instruction->getProperty("temp_".$i);
+ if (!is_null($defFound)) {
+ // just for the flow
+ $defFound->original->setDef($originalFlow);
+ $opInformation["chained_results"][] = $defFound;
+ $this->context->getCurrentFunc()->storeOpInformation($resultid, $opInformation);
}
- } else {
- $listOfMyTemp[] = $instruction->getProperty(MyInstruction::TEMPORARY);
}
-
- foreach ($listOfMyTemp as $tempDefa) {
- $tempDefaMyExpr = $tempDefa->getExpr();
- $defAssignMyExpr = $tempDefaMyExpr->getAssignDef();
-
- $sourceArr = $this->context->inputs->getSourceArrayByName(
- $tempDefa,
- $tempDefa->getArrayValue()
+
+ $this->context->getCurrentFunc()->cleanOpInformation($varid);
+
+ break;
+
+
+ case Opcodes::PROPERTY_FETCH:
+ $propertyName = $instruction->getProperty(MyInstruction::PROPERTY_NAME);
+ $originalDef = $instruction->getProperty(MyInstruction::ORIGINAL_DEF);
+
+ $varid = $instruction->getProperty(MyInstruction::VARID);
+ $resultid = $instruction->getProperty(MyInstruction::RESULTID);
+
+ $opInformation = [];
+ $opInformation["chained_results"] = [];
+ $opInformation["array_dim"] = null;
+
+ // beginning of the chain: $originalDef->foo->bar
+ if (!is_null($originalDef)) {
+ $originalFlow[] = $originalDef;
+ $originalFlow[] = "->";
+ $originalFlow[] = $propertyName;
+
+ $originalDef->setId(0);
+ $defsFound = ResolveDefs::selectProperties(
+ $this->context,
+ $this->defs->getOutMinusKill($this->currentMyBlock->getId()),
+ $originalDef,
+ $propertyName
);
- // if we use directly echo $_GET["b"];
- if (!is_null($sourceArr)) {
- $tempDefa->setArrayValue("PROGPILOT_ALL_INDEX_TAINTED");
- $tempDefa->setLabel($sourceArr->getLabel());
- }
-
- if ($tempDefaMyExpr->isAssign() && !$tempDefaMyExpr->isAssignIterator()) {
- ArrayAnalysis::copyArray(
+
+ foreach ($defsFound as $defFoundArr) {
+ $defFound = $defFoundArr[0];
+ $myClassFound = $defFoundArr[1];
+ if (HelpersAnalysis::isASource($this->context, $defFound, $myClassFound, null)) {
+ $defFound->getCurrentState()->setTainted(true);
+ }
+
+ \progpilot\Analysis\CustomAnalysis::defineObject(
$this->context,
- $this->defs->getOutMinusKill($tempDefa->getBlockId()),
- $tempDefa,
- $tempDefa->getArrayValue(),
- $defAssignMyExpr,
- $defAssignMyExpr->getArrayValue()
+ $instruction,
+ $defFound,
+ $myClassFound,
+ null
);
+
+ // just for the flow
+ $defFound->original->setDef($originalFlow);
+ $opInformation["chained_results"][] = $defFound;
}
+
+ $opInformation["original_def"] = $originalDef;
+ } else {
+ $originalFlow[] = "->";
+ $originalFlow[] = $propertyName;
+ // we are in the middle of the chain thus we can access the previous chained object
+ $previousOpInformation = $this->context->getCurrentFunc()->getOpInformation($varid);
- // stackclass is null
- // so if we have document a object HTMLDocument is created
- $myClassNew = \progpilot\Analysis\CustomAnalysis::defineObject(
- $this->context,
- $tempDefa,
- null
- );
-
- if (!is_null($myClassNew)) {
- $objectId = $this->context->getObjects()->addObject();
-
- $tempDefa->addType(MyDefinition::TYPE_INSTANCE);
- $tempDefa->setObjectId($objectId);
-
- $myClass = $this->context->getClasses()->getMyClass($myClassNew->getName());
-
- if (is_null($myClass)) {
- $myClass = new MyClass(
- $tempDefa->getLine(),
- $tempDefa->getColumn(),
- $myClassNew->getName()
- );
+ if (isset($previousOpInformation["original_def"])) {
+ $opInformation["original_def"] = $previousOpInformation["original_def"];
+ }
+
+ if (isset($previousOpInformation["chained_results"])) {
+ foreach ($previousOpInformation["chained_results"] as $previousChainedResult) {
+ $state = $previousChainedResult->getState($this->currentMyBlock->getId());
+ if (!is_null($state)) {
+ $idObject = $state->getObjectId();
+ $tmpMyClass = $this->context->getObjects()->getMyClassFromObject($idObject);
+
+ if (!is_null($tmpMyClass)) {
+ $property = $tmpMyClass->getProperty(
+ $this->context,
+ $this->currentMyBlock->getId(),
+ $previousChainedResult,
+ $propertyName
+ );
+
+ if (!is_null($property)
+ && ResolveDefs::getVisibility(
+ $previousChainedResult,
+ $property,
+ $this->context->getCurrentFunc()
+ )) {
+ $opInformation["chained_results"][] = $property;
+ }
+ }
+ }
}
+ }
+ }
+
+ $this->context->getCurrentFunc()->cleanOpInformation($varid);
+ $this->context->getCurrentFunc()->storeOpInformation($resultid, $opInformation);
+
+ break;
+
+
+ case Opcodes::LITERAL_FETCH:
+ $resultid = $instruction->getProperty(MyInstruction::RESULTID);
+ $def = $instruction->getProperty(MyInstruction::DEF);
+
+ $opInformation = $this->context->getCurrentFunc()->getOpInformation($resultid);
+
+ $opInformation["chained_results"][] = $def;
+
+ $this->context->getCurrentFunc()->storeOpInformation($resultid, $opInformation);
+
+ break;
+
- $this->context->getObjects()->addMyclassToObject($objectId, $myClass);
+ case Opcodes::CONST_FETCH:
+ $resultid = $instruction->getProperty(MyInstruction::RESULTID);
+ $def = $instruction->getProperty(MyInstruction::DEF);
+
+ $opInformation = $this->context->getCurrentFunc()->getOpInformation($resultid);
+
+ $defFounds = $this->fetchVariable($def);
+ if (empty($defFounds)) {
+ $opInformation["chained_results"][] = $def;
+ } else {
+ foreach ($defFounds as $defFound) {
+ if ($defFound->isType(MyDefinition::TYPE_CONSTANTE)) {
+ $opInformation["chained_results"][] = $defFound;
+ }
}
- /////////////////////////////////////////////////////////////
-
- $tainted = false;
- $stackClass = null;
+ }
- if ($tempDefa->isType(MyDefinition::TYPE_PROPERTY)) {
- $stackClass = ResolveDefs::propertyClass($this->context, $this->defs, $tempDefa);
- $classOfTempDefArr = $stackClass[count($stackClass) - 1];
-
- foreach ($classOfTempDefArr as $classOfTempDef) {
- $objectIdTmp = $classOfTempDef->getObjectId();
- $myClassFromObject =
- $this->context->getObjects()->getMyClassFromObject($objectIdTmp);
-
- if (!is_null($myClassFromObject)) {
- $sourceTmp = $this->context->inputs->getSourceByName(
- $stackClass,
- $tempDefa,
- false,
- $myClassFromObject->getName(),
- $tempDefa->getArrayValue()
- );
-
- if (!is_null($sourceTmp)) {
- $tainted = true;
- $tempDefa->setLabel($sourceTmp->getLabel());
+ $this->context->getCurrentFunc()->storeOpInformation($resultid, $opInformation);
+
+ break;
+
+
+ case Opcodes::ITERATOR:
+ $varid = $instruction->getProperty(MyInstruction::VARID);
+ $resultid = $instruction->getProperty(MyInstruction::RESULTID);
+
+ $opDataVar = $this->context->getCurrentFunc()->getOpInformation($varid);
+
+ $opInformation = [];
+ $opInformation["iterator"][] = true;
+
+ if (!is_null($opDataVar) && isset($opDataVar["chained_results"])) {
+ foreach ($opDataVar["chained_results"] as $chainedResult) {
+ $state = $chainedResult->getCurrentState();
+ if (!is_null($state)) {
+ if ($state->isType(MyDefinition::TYPE_ARRAY)
+ && !$state->isType(MyDefinition::TYPE_INSTANCE)) {
+ foreach ($state->getArrayIndexes() as $arrayIndex) {
+ $element = $arrayIndex->def;
+ $opInformation["chained_results"][] = $element;
+ }
+ } elseif (($state->isType(MyDefinition::TYPE_INSTANCE)
+ && $state->isType(MyDefinition::TYPE_ARRAY)) ||
+ $state->isType(MyDefinition::TYPE_ARRAY_ARRAY)) {
+ // probably a source arrayofobjects arrayofarrays
+ if ($state->isType(MyDefinition::ALL_PROPERTIES_TAINTED)) {
+ $opInformation["chained_results"][] = $chainedResult;
+ } elseif ($state->isType(MyDefinition::ALL_ARRAY_ELEMENTS_TAINTED)) {
+ $opInformation["chained_results"][] = $chainedResult;
+ }
+ }
+ }
+ }
+ }
+
+ $this->context->getCurrentFunc()->cleanOpInformation($varid);
+ $this->context->getCurrentFunc()->storeOpInformation($resultid, $opInformation);
+
+ break;
+
+
+ case Opcodes::VARIABLE_FETCH:
+ $varid = $instruction->getProperty(MyInstruction::VARID);
+ $exprid = $instruction->getProperty(MyInstruction::EXPRID);
+ $variable = $instruction->getProperty(MyInstruction::DEF);
+
+ $id = is_null($varid) ? $exprid : $varid;
+
+ $opInformation = [];
+
+ $newDefFounds = [];
+ $defFounds = $this->fetchVariable($variable);
+
+ foreach ($defFounds as $defFound) {
+ if ($defFound->isType(MyDefinition::TYPE_GLOBAL)) {
+ $defGlobals = ResolveDefs::selectGlobals($this->context, $defFound);
+ foreach ($defGlobals as $defGlobal) {
+ $newDefFounds[] = $defGlobal;
+ }
+ } elseif ($defFound->isType(MyDefinition::TYPE_REFERENCE)) {
+ foreach ($defFound->getRefs() as $ref) {
+ // a classic (not array/property) could have been overwritten
+ // we should search for the last variables
+
+ if (!$ref->isType(MyDefinition::TYPE_ARRAY_ELEMENT)
+ && !$ref->isType(MyDefinition::TYPE_PROPERTY)) {
+ $refbis = clone $ref;
+ $refbis->setBlockId($variable->getBlockId());
+ $refbis->setLine($variable->getLine());
+ $refbis->setColumn($variable->getColumn());
+ $defFoundsRef = $this->fetchVariable($refbis);
+ foreach ($defFoundsRef as $refBis) {
+ $newDefFounds[] = $refBis;
}
+ } else {
+ $newDefFounds[] = $ref;
}
}
+ } elseif ($defFound->isType(MyDefinition::TYPE_ITERATOR)) {
+ foreach ($defFound->getIteratorValues() as $iteratorValue) {
+ // just for the flow
+ $originalFlow = [];
+ $originalFlow[] = $variable;
+ $iteratorValue->original->setDef($originalFlow);
+ $newDefFounds[] = $iteratorValue;
+ }
} else {
- $sourceTmp = $this->context->inputs->getSourceByName(
- null,
- $tempDefa,
- false,
- false,
- $tempDefa->getArrayValue()
- );
-
- if (!is_null($sourceTmp)) {
- $tainted = true;
- $tempDefa->setLabel($sourceTmp->getLabel());
+ $newDefFounds[] = $defFound;
+ }
+ }
+
+ if (empty($defFounds)) {
+ // could be a built-in sources
+ // phpwander/test3.php
+
+ $source = $this->context->inputs->getSourceByName($variable, null, null);
+ if (!is_null($source)) {
+ if ($source->getIsArray() && empty($source->getArrayValue())) {
+ $variable->getCurrentState()->addType(MyDefinition::TYPE_ARRAY);
+ $variable->getCurrentState()->addType(MyDefinition::ALL_ARRAY_ELEMENTS_TAINTED);
+ $newDefFounds[] = $variable;
}
}
-
- $tempDefa->setTainted($tainted);
+ }
+
+ $opInformation = [];
+ $opInformation["chained_results"] = $newDefFounds;
+ $opInformation["original_def"] = $variable;
+ $opInformation["array_dim"] = null;
+
+ /* what to clean?? */
+ $this->context->getCurrentFunc()->cleanOpInformation($varid);
+ $this->context->getCurrentFunc()->cleanOpInformation($exprid);
+ $this->context->getCurrentFunc()->storeOpInformation($id, $opInformation);
+
+ break;
+
- $defs = ResolveDefs::temporarySimple(
- $this->context,
- $this->defs,
- $tempDefa,
- $tempDefaMyExpr->isAssignIterator(),
- $tempDefaMyExpr->isAssign(),
- $this->callStack
+ case Opcodes::ARGUMENT:
+ $varid = $instruction->getProperty(MyInstruction::VARID);
+ $idparam = $instruction->getProperty("idparam");
+ $def = $instruction->getProperty("argdef$idparam");
+
+ $opDataVar = $this->context->getCurrentFunc()->getOpInformation($varid);
+ $concatValues = isset($opDataVar["concats_values"]) ? $opDataVar["concats_values"] : [];
+
+ if (isset($opDataVar["chained_results"])) {
+ $mergedState = HelpersState::mergeDefsBlockIdStates(
+ $opDataVar["chained_results"],
+ $concatValues,
+ $this->context->getCurrentBlock()
);
- ValueAnalysis::updateStorageToExpr($tempDefaMyExpr);
- $storageCast = ValueAnalysis::$exprsCast[$tempDefaMyExpr];
- $storageKnownValues = ValueAnalysis::$exprsKnownValues[$tempDefaMyExpr];
-
- foreach ($defs as $def) {
- $safe = AssertionAnalysis::temporarySimple(
- $this->context,
- $this->defs,
- $this->currentMyBlock,
- $def,
- $tempDefa
- );
-
- $visibility = ResolveDefs::getVisibilityFromInstances(
- $this->context,
- $this->defs->getOutMinusKill($def->getBlockId()),
- $defAssignMyExpr
- );
-
- if ($visibility) {
- $storageCast[] = $tempDefa->getCast();
- $storageKnownValues["".$tempDefa->getId().""][] = $def->getLastKnownValues();
+ $def->addState($mergedState);
+ $currentBlockId = $this->context->getCurrentBlock()->getId();
+ $def->assignStateToBlockId($mergedState->getId(), $currentBlockId);
+ }
- $def->setIsEmbeddedByChars($tempDefa->getIsEmbeddedByChars(), true);
- }
+ $this->context->getCurrentFunc()->cleanOpInformation($varid);
- if ($visibility && !$safe) {
- TaintAnalysis::setTainted($def->isTainted(), $defAssignMyExpr, $tempDefaMyExpr);
- ValueAnalysis::copyValues($def, $defAssignMyExpr);
-
- if ($def->getLabel() === MyDefinition::SECURITY_HIGH) {
- \progpilot\Analysis\CustomAnalysis::disclosureOfInformation(
- $this->context,
- $this->defs,
- $defAssignMyExpr
- );
- }
- }
+ break;
- // vérifier s'il y a pas de concat
- // mise a jour de l'object
- if ($def->isType(MyDefinition::TYPE_INSTANCE)) {
- $defAssignMyExpr->addType(MyDefinition::TYPE_INSTANCE);
- $defAssignMyExpr->setObjectId($def->getObjectId());
- $tmpMyClass = $this->context->getObjects()->getMyClassFromObject(
- $def->getObjectId()
- );
- if (!is_null($tmpMyClass)) {
- foreach ($tmpMyClass->getProperties() as $property) {
- $myDefTemp = new MyDefinition(
- $tempDefa->getLine(),
- $tempDefa->getColumn(),
- $tempDefa->getName()
- );
- $myDefTemp->addType(MyDefinition::TYPE_PROPERTY);
- $myDefTemp->property->setProperties($property->property->getProperties());
- $myDefTemp->setBlockId($tempDefa->getBlockId());
- $myDefTemp->setSourceMyFile($tempDefa->getSourceMyFile());
- $myDefTemp->setId($tempDefa->getId());
+ case Opcodes::END_ASSIGN:
+ $varid = $instruction->getProperty(MyInstruction::VARID);
+ $exprid = $instruction->getProperty(MyInstruction::EXPRID);
+ $resultid = $instruction->getProperty(MyInstruction::RESULTID);
+ $def = $instruction->getProperty(MyInstruction::DEF);
+ $literal = $instruction->getProperty(MyInstruction::LITERAL);
+ $reference = $instruction->getProperty(MyInstruction::REFERENCE);
- $defsFound = ResolveDefs::selectProperties(
- $this->context,
- $this->defs->getOutMinusKill($tempDefa->getBlockId()),
- $myDefTemp,
- true
+ $opVarData = $this->context->getCurrentFunc()->getOpInformation($varid);
+ $opExprData = $this->context->getCurrentFunc()->getOpInformation($exprid);
+ $opResultData = $this->context->getCurrentFunc()->getOpInformation($resultid);
+
+ $concatValues = isset($opExprData["concats_values"]) ? $opExprData["concats_values"] : [];
+
+ if (is_null($opExprData) && !is_null($literal)) {
+ $opExprData["chained_results"] = [];
+ $opExprData["chained_results"][] = $literal;
+ }
+
+ // return function $def case for instance
+ if (is_null($opVarData) && !is_null($def)) {
+ $opVarData["chained_results"] = [];
+ $opVarData["chained_results"][] = $def;
+ }
+
+ // don't need to resolve variable we have already access to it
+ // ssa = 1) result=var3 2) expr=var3
+ if (!is_null($opExprData) && isset($opExprData["chained_results"])) {
+ $mergedState = HelpersState::mergeDefsBlockIdStates(
+ $opExprData["chained_results"],
+ $concatValues,
+ $this->context->getCurrentBlock()
+ );
+
+ if (!is_null($opVarData) && isset($opVarData["chained_results"])) {
+ foreach ($opVarData["chained_results"] as $chainedResult) {
+ if (isset($opExprData["iterator"]) && $opExprData["iterator"]) {
+ $chainedResult->addType(MyDefinition::TYPE_ITERATOR);
+ $chainedResult->setIteratorValues($opExprData["chained_results"]);
+ } else {
+ if ($chainedResult->getNbStates() < 20) {
+ $chainedResult->addState($mergedState);
+ $currentBlockId = $this->context->getCurrentBlock()->getId();
+ $chainedResult->assignStateToBlockId(
+ $mergedState->getId(),
+ $currentBlockId
);
-
- foreach ($defsFound as $defFound) {
- if ($defFound->isType(MyDefinition::TYPE_COPY_ARRAY)) {
- $property->setCopyArrays($defFound->getCopyArrays());
- $property->addType(MyDefinition::TYPE_COPY_ARRAY);
- }
-
- TaintAnalysis::setTainted(
- $defFound->isTainted(),
- $property,
- $defFound->getTaintedByExpr()
- );
-
- if ($defFound->isSanitized()) {
- $property->setSanitized(true);
- foreach ($defFound->getTypeSanitized() as $typeSanitized) {
- $property->addTypeSanitized($typeSanitized);
- }
- }
+
+ if ($reference) {
+ $chainedResult->addType(MyDefinition::TYPE_REFERENCE);
+ $chainedResult->setRefs($opExprData["chained_results"]);
}
}
}
+ $opResultData["chained_results"][] = $chainedResult;
}
+
+ $this->context->getCurrentFunc()->storeOpInformation($resultid, $opResultData);
}
-
- ValueAnalysis::$exprsCast[$tempDefaMyExpr] = $storageCast;
- ValueAnalysis::$exprsKnownValues[$tempDefaMyExpr] = $storageKnownValues;
}
+ $this->context->getCurrentFunc()->cleanOpInformation($varid);
+ $this->context->getCurrentFunc()->cleanOpInformation($exprid);
+
break;
+ case Opcodes::CAST:
+ $resultid = $instruction->getProperty(MyInstruction::RESULTID);
+ $exprid = $instruction->getProperty(MyInstruction::EXPRID);
+ $typeCast = $instruction->getProperty("type_cast");
+
+ $rightOpInformation = $this->context->getCurrentFunc()->getOpInformation($exprid);
+ $leftOpInformation =
+ $this->context->getCurrentFunc()->getOpInformation($resultid);
+
+ if (isset($rightOpInformation["chained_results"])
+ && $typeCast === MyDefinition::CAST_NOT_SAFE) {
+ foreach ($rightOpInformation["chained_results"] as $chainedResult) {
+ $leftOpInformation["chained_results"][] = $chainedResult;
+ }
+
+ $this->context->getCurrentFunc()->storeOpInformation($resultid, $leftOpInformation);
+ }
+
+ $this->context->getCurrentFunc()->cleanOpInformation($exprid);
+
+ break;
+
+
+
+ case Opcodes::COND_BOOLEAN_NOT:
+ $resultid = $instruction->getProperty(MyInstruction::RESULTID);
+ $exprid = $instruction->getProperty(MyInstruction::EXPRID);
+
+ $rightOpInformation = $this->context->getCurrentFunc()->getOpInformation($exprid);
+ $rightOpInformation["not_boolean"] = true;
+
+ $this->context->getCurrentFunc()->storeOpInformation($resultid, $rightOpInformation);
+ $this->context->getCurrentFunc()->cleanOpInformation($exprid);
+
+ break;
+
+
+
+ case Opcodes::BINARYOP:
+ $resultid = $instruction->getProperty(MyInstruction::RESULTID);
+ $leftid = $instruction->getProperty(MyInstruction::LEFTID);
+ $rightid = $instruction->getProperty(MyInstruction::RIGHTID);
+
+ $leftOpInformation = $this->context->getCurrentFunc()->getOpInformation($leftid);
+ $rightOpInformation = $this->context->getCurrentFunc()->getOpInformation($rightid);
+
+ $opInformation = [];
+ $opInformation["condition_defs"] = [];
+
+ if (isset($leftOpInformation["condition_defs"])) {
+ $opInformation["condition_defs"] = $leftOpInformation["condition_defs"];
+ }
+
+ if (isset($rightOpInformation["condition_defs"])) {
+ $opInformation["condition_defs"] =
+ array_merge($rightOpInformation["condition_defs"], $opInformation["condition_defs"]);
+ }
+
+ $this->context->getCurrentFunc()->cleanOpInformation($leftid);
+ $this->context->getCurrentFunc()->cleanOpInformation($rightid);
+ $this->context->getCurrentFunc()->storeOpInformation($resultid, $opInformation);
+
+ break;
+
+
+ case Opcodes::COND_START_IF:
+ $conds = $instruction->getProperty(MyInstruction::EXPRID);
+ $myBlockIf = $instruction->getProperty(MyInstruction::MYBLOCK_IF);
+ $myBlockElse = $instruction->getProperty(MyInstruction::MYBLOCK_ELSE);
+ $opExprData = $this->context->getCurrentFunc()->getOpInformation($conds);
+
+ $validwhenreturning = true;
+ if (isset($opExprData["valid_when_returning"])) {
+ $validwhenreturning = $opExprData["valid_when_returning"];
+ }
+
+ $notboolean = false;
+ if (isset($opExprData["not_boolean"])
+ && $opExprData["not_boolean"]) {
+ $notboolean = true;
+ $block = $validwhenreturning ? $myBlockElse : $myBlockIf;
+ } else {
+ $block = $validwhenreturning ? $myBlockIf : $myBlockElse;
+ }
+
+ if (!is_null($opExprData) && isset($opExprData["condition_defs"])) {
+ foreach ($opExprData["condition_defs"] as $chainedResult) {
+ $callback = "Callbacks::addValidAssertion";
+ HelpersAnalysis::forEachTaintedByDefs($chainedResult, $block, $callback);
+ }
+ }
+
+ foreach ($block->getReturnDefs() as $defReturn) {
+ $defReturn->setReturnedFromValidator(true);
+ $defReturn->setValidWhenReturning($validwhenreturning);
+ $defReturn->setValidNotBoolean($notboolean);
+ }
+
+ $this->context->getCurrentFunc()->cleanOpInformation($conds);
+
+ break;
+
+
+ case Opcodes::ARRAY_EXPR:
+ $resultid = $instruction->getProperty(MyInstruction::RESULTID);
+ $opInformation = $this->context->getCurrentFunc()->getOpInformation($resultid);
+ $nbkeys = $instruction->getProperty("nbkeys");
+
+ for ($i = 0; $i < $nbkeys; $i ++) {
+ $valueid = $instruction->getProperty("value".$i);
+ $keyid = $instruction->getProperty("key".$i);
+
+ $keyData = $this->context->getCurrentFunc()->getOpInformation($keyid);
+ $valueData = $this->context->getCurrentFunc()->getOpInformation($valueid);
+
+ $keys = [];
+
+ if (!is_null($keyData) && isset($keyData["chained_results"])) {
+ foreach ($keyData["chained_results"] as $chainedResult) {
+ $lastKnownValues = $chainedResult->getCurrentState()->getLastKnownValues();
+ foreach ($lastKnownValues as $lastKnownValue) {
+ $keys[] = $lastKnownValue;
+ }
+ }
+ } else {
+ $keys[] = $i;
+ }
+
+ $valuesDef = [];
+ if (!is_null($valueData) && isset($valueData["chained_results"])) {
+ foreach ($valueData["chained_results"] as $chainedResult) {
+ $valuesDef[] = $chainedResult;
+ }
+ }
+
+ $myTemp = new MyDefinition(
+ $this->context->getCurrentBlock()->getId(),
+ $this->context->getCurrentMyFile(),
+ $this->context->getCurrentLine(),
+ $this->context->getCurrentColumn(),
+ "tmp_array"
+ );
+
+ $myTemp->getCurrentState()->addType(MyDefinition::TYPE_ARRAY);
+
+ foreach ($keys as $key) {
+ $newEle = $myTemp->getCurrentState()->createDefArrayIndex(
+ $myTemp->getBlockId(),
+ $myTemp,
+ $key
+ )[1][0];
+
+ $mergedState = HelpersState::mergeDefsBlockIdStates(
+ $valuesDef,
+ [],
+ $this->context->getCurrentBlock()
+ );
+
+ $newEle->addState($mergedState);
+ $currentBlockId = $this->context->getCurrentBlock()->getId();
+ $newEle->assignStateToBlockId($mergedState->getId(), $currentBlockId);
+ }
+
+ $opInformation["chained_results"][] = $myTemp;
+
+ $this->context->getCurrentFunc()->cleanOpInformation($keyid);
+ $this->context->getCurrentFunc()->cleanOpInformation($valueid);
+ $this->context->getCurrentFunc()->storeOpInformation($resultid, $opInformation);
+ }
+
+ break;
+
+
case Opcodes::FUNC_CALL:
$funcName = $instruction->getProperty(MyInstruction::FUNCNAME);
- $arrFuncCall = $instruction->getProperty(MyInstruction::ARR);
$myFuncCall = $instruction->getProperty(MyInstruction::MYFUNC_CALL);
- $myExpr = $instruction->getProperty(MyInstruction::EXPR);
-
+
if ($funcName === "call_user_func" || $funcName === "call_user_func_array") {
if ($instruction->isPropertyExist("argdef0")) {
$defArg = $instruction->getProperty("argdef0");
@@ -742,23 +1381,25 @@ public function analyze($myCode, $myFuncCalled = null)
if ($funcName === "call_user_func") {
for ($nbParams = 1; $nbParams < $myFuncCall->getNbParams(); $nbParams ++) {
$oldDefArg = $instruction->getProperty("argdef$nbParams");
- $oldExprArg = $instruction->getProperty("argexpr$nbParams");
$newNbParams = $nbParams - 1;
$newInst->addProperty("argdef$newNbParams", $oldDefArg);
- $newInst->addProperty("argexpr$newNbParams", $oldExprArg);
}
$myFunctionCall->setNbParams($myFuncCall->getNbParams() - 1);
} else {
if ($instruction->isPropertyExist("argdef1")) {
$defArgParam = $instruction->getProperty("argdef1");
-
- if ($defArgParam->isType(MyDefinition::TYPE_COPY_ARRAY)) {
+ if ($defArgParam->getCurrentState()->isType(MyDefinition::TYPE_ARRAY)) {
$newNbParams = 0;
- foreach ($defArgParam->getCopyArrays() as $copyArray) {
- $newInst->addProperty("argdef$newNbParams", $copyArray[1]);
- $newInst->addProperty("argexpr$newNbParams", $copyArray[1]->getExpr());
+ $arrayIndexes = $defArgParam->getCurrentState()->getArrayIndexes();
+
+ foreach ($arrayIndexes as $arrayIndex) {
+ // simulate argument operation
+ $newdef = clone $arrayIndex->def;
+ $newdef->removeType(MyDefinition::TYPE_ARRAY_ELEMENT);
+
+ $newInst->addProperty("argdef$newNbParams", $newdef);
$newNbParams ++;
}
@@ -769,32 +1410,22 @@ public function analyze($myCode, $myFuncCalled = null)
}
$newInst->addProperty(MyInstruction::MYFUNC_CALL, $myFunctionCall);
- $newInst->addProperty(MyInstruction::EXPR, $myExpr);
- $newInst->addProperty(MyInstruction::ARR, $arrFuncCall);
-
- foreach ($defArg->getLastKnownValues() as $lastValue) {
+
+ foreach ($defArg->getCurrentState()->getLastKnownValues() as $lastValue) {
$myFunctionCall->setName($lastValue);
$newInst->addProperty(MyInstruction::FUNCNAME, $lastValue);
$this->funcCall(
- $myCode,
$newInst,
- $code,
- $index,
$lastValue,
- $arrFuncCall,
$myFunctionCall
);
}
}
} else {
$this->funcCall(
- $myCode,
$instruction,
- $code,
- $index,
$funcName,
- $arrFuncCall,
$myFuncCall
);
}
@@ -805,5 +1436,7 @@ public function analyze($myCode, $myFuncCalled = null)
$index = $index + 1;
}
} while (isset($code[$index]) && $index <= $myCode->getEnd());
+
+ return true;
}
}
diff --git a/package/src/progpilot/Analyzer.php b/package/src/progpilot/Analyzer.php
index 0954fe17..70e69bbd 100644
--- a/package/src/progpilot/Analyzer.php
+++ b/package/src/progpilot/Analyzer.php
@@ -9,9 +9,13 @@
namespace progpilot;
+use PHPCfg\Printer;
use progpilot\Utils;
use progpilot\Code\MyCode;
use progpilot\Objects\MyFile;
+use progpilot\Helpers\Analysis as HelpersAnalysis;
+
+use function DeepCopy\deep_copy;
class Analyzer
{
@@ -35,22 +39,21 @@ public function __construct()
public function getFilesOfDir($context, $dir, &$files)
{
- if (is_dir($dir) && !$context->inputs->isExcludedFolder($dir)) {
+ if (is_dir($dir) && !$context->inputs->isExcludedFile($dir)) {
$filesanddirs = @scandir($dir);
if ($filesanddirs !== false) {
foreach ($filesanddirs as $filedir) {
if ($filedir !== '.' && $filedir !== "..") {
- $folderorfile = $dir."/".$filedir;
+ $folderorfile = $dir.DIRECTORY_SEPARATOR.$filedir;
if (is_dir($folderorfile)) {
- if (!$context->inputs->isExcludedFolder($folderorfile)) {
- $this->getFilesOfDir($context, $folderorfile, $files);
- }
+ $this->getFilesOfDir($context, $folderorfile, $files);
} else {
if (!$context->inputs->isExcludedFile($folderorfile)) {
if (!in_array($folderorfile, $files, true) && realpath($folderorfile)) {
- $files[] = realpath($folderorfile);
+ $fileToAdd = realpath($folderorfile);
+ $files[] = $fileToAdd;
}
}
}
@@ -68,7 +71,7 @@ public function parsePhp($context)
if (!is_null($context->inputs->getFile()) || !is_null($context->inputs->getCode())) {
try {
if (is_null($context->inputs->getCode())) {
- $fileContent = file_get_contents($context->inputs->getFile());
+ $fileContent = @file_get_contents($context->inputs->getFile());
if (Analyzer::getTypeOfLanguage(Analyzer::PHP, $fileContent)) {
$context->inputs->setCode($fileContent);
$context->setPath(dirname($context->inputs->getFile()));
@@ -79,7 +82,8 @@ public function parsePhp($context)
$script = $this->parser->parse($context->inputs->getCode(), "");
}
}
- } catch (\PhpParser\Error $e) {
+ } catch (\Exception $e) {
+ Utils::printWarning($context, Lang::PARSER_ERROR.$e->getMessage());
}
}
@@ -95,138 +99,97 @@ public function transformPhp($context, $script)
$transformvisitor->setContext($context);
$traverser->addVisitor($transformvisitor);
$traverser->traverse($script);
-
+
unset($traverser);
unset($transformvisitor);
+
+ /*
+ $dumper = new \PHPCfg\Printer\Text();
+ echo $dumper->printScript($script);
+ */
}
}
- public function runInternalFunction($context, $myFunc)
+ public function runFunctionAnalysis($context, $myFunc, $updatemyfile = true)
{
- if (!is_null($myFunc) && !$myFunc->isAnalyzed()) {
- $myFunc->setIsAnalyzed(true);
+ if (!is_null($myFunc) && !$myFunc->isVisited()) {
+ $myFunc->setIsVisited(true);
$myFunc->getMyCode()->setStart(0);
$myFunc->getMyCode()->setEnd(count($myFunc->getMyCode()->getCodes()));
- \progpilot\Analysis\ValueAnalysis::buildStorage();
-
$visitoranalyzer = new \progpilot\Analysis\VisitorAnalysis;
+
+ if ($updatemyfile) {
+ $file = $myFunc->getSourceMyFile()->getName();
+ $myFile = new MyFile($file, 0, 0);
+ $context->inputs->setFile($file);
+ $context->setCurrentMyfile($myFile);
+ }
+
+ $params = $myFunc->getParams();
+ foreach ($params as $param) {
+ $param->setParamToArg(null);
+ }
+
$visitoranalyzer->setContext($context);
- $visitoranalyzer->analyze($myFunc->getMyCode());
+ $visitoranalyzer->analyzeFunc($myFunc, null, true);
+ foreach ($myFunc->getReturnDefs() as $returnDef) {
+ $returnDefCopy = deep_copy($returnDef);
+ $myFunc->addInitialReturnDef($returnDefCopy);
+ }
+
+ $context->resetInternalValues();
unset($visitoranalyzer);
} else {
// throw main function missing
}
}
- public function runInternalAnalysis($context, $includedDefs = null)
+ public function visitDataFlow($context)
{
- $startTime = microtime(true);
-
// analyze
if (!is_null($context)) {
- $contextFunctions = [];
- if (!is_null($context->getFunctions()->getFunctions())) {
- foreach ($context->getFunctions()->getFunctions() as $functionsName) {
- if (!is_null($functionsName)) {
- foreach ($functionsName as $myFunc) {
- $contextFunctions[] = $myFunc;
- }
- }
- }
- }
-
- foreach ($context->getClasses()->getListClasses() as $myClass) {
- $contextFunctions = array_merge($contextFunctions, $myClass->getMethods());
- }
-
$visitordataflow = new \progpilot\Dataflow\VisitorDataflow();
-
- foreach ($contextFunctions as $myFunc) {
- if (!is_null($myFunc) && !$myFunc->isDataAnalyzed()) {
- $myFunc->setIsDataAnalyzed(true);
- $visitordataflow->analyze($context, $myFunc, $includedDefs);
- }
- }
-
- if ($context->getCurrentNbDefs() > $context->getLimitDefs()) {
- Utils::printWarning($context, Lang::MAX_DEFS_EXCEEDED);
- return;
- }
-
- if ((microtime(true) - $startTime) > $context->getLimitTime()) {
- Utils::printWarning($context, Lang::MAX_TIME_EXCEEDED);
- return;
- }
-
- if (!$context->getAnalyzeFunctions()) {
- $this->runInternalFunction($context, $context->getFunctions()->getFunction("{main}"));
- } else {
- foreach ($contextFunctions as $myFunc) {
- $this->runInternalFunction($context, $myFunc);
-
- if ((microtime(true) - $startTime) > $context->getLimitTime()) {
- Utils::printWarning($context, Lang::MAX_TIME_EXCEEDED);
- return;
+
+ $fileNameHash = hash("sha256", $context->getCurrentMyfile()->getName());
+ foreach ($context->getTmpFunctions() as $myFunc) {
+ if (!is_null($myFunc)) {
+ $visitordataflow->analyze($context, $myFunc);
+
+ $className = "function";
+ if (!is_null($myFunc->getMyclass())) {
+ $className = $myFunc->getMyclass()->getName();
}
+
+ $context->getFunctions()->addFunction($fileNameHash, $className, $myFunc->getName(), $myFunc);
}
}
-
- if ($context->getCurrentNbDefs() > $context->getLimitDefs()) {
- Utils::printWarning($context, Lang::MAX_DEFS_EXCEEDED);
- return;
- }
-
- $context->outputs->callgraph->computeCallGraph();
- \progpilot\Analysis\CustomAnalysis::mustVerifyCallFlow($context);
- unset($visitordataflow);
+ $context->clearTmpFunctions();
}
}
- public function runInternalPhp($context, $includedDefs = null, $transform = true)
+ public function computeDataFlowPhp($context)
{
- // check if it is PHP language ????? LIKE myJavascriptFile
- $startTime = microtime(true);
-
// free memory
if (function_exists('gc_mem_caches')) {
gc_mem_caches();
}
-
- if ($context->getCurrentNbDefs() > $context->getLimitDefs()) {
- Utils::printWarning($context, Lang::MAX_DEFS_EXCEEDED);
- return;
- }
- if ($transform) {
- $pastResults = &$context->outputs->getResults();
- $context->resetInternalValues();
- $context->outputs->setResults($pastResults);
-
- $script = $this->parsePhp($context);
-
- if ((microtime(true) - $startTime) > $context->getLimitTime()) {
- Utils::printWarning($context, Lang::MAX_TIME_EXCEEDED);
- return;
- }
+ $pastResults = &$context->outputs->getResults();
+ $context->resetInternalValues();
+ $context->outputs->setResults($pastResults);
- $this->transformPhp($context, $script);
+ $script = $this->parsePhp($context);
- unset($script);
+ $this->transformPhp($context, $script);
- if ((microtime(true) - $startTime) > $context->getLimitTime()) {
- Utils::printWarning($context, Lang::MAX_TIME_EXCEEDED);
- return;
- }
-
- $this->runInternalAnalysis($context, $includedDefs);
- }
+ $this->visitDataFlow($context);
}
- public function runInternalJs($context, $includedDefs = null, $transform = true)
+ public function computeDataFlowJs($context)
{
$startTime = microtime(true);
@@ -234,26 +197,21 @@ public function runInternalJs($context, $includedDefs = null, $transform = true)
if (function_exists('gc_mem_caches')) {
gc_mem_caches();
}
-
- if (!extension_loaded("v8js")) {
- Utils::printWarning($context, Lang::V8JS_NOTLOADED);
- return;
- }
-
- if ($context->getCurrentNbDefs() > $context->getLimitDefs()) {
- Utils::printWarning($context, Lang::MAX_DEFS_EXCEEDED);
- return;
- }
- if (!is_null($context->inputs->getFile()) && $transform) {
- $content = file_get_contents($context->inputs->getFile());
+ if (!is_null($context->inputs->getFile())) {
+ $content = @file_get_contents($context->inputs->getFile());
if (Analyzer::getTypeOfLanguage(Analyzer::JS, $content)) {
+ if (!extension_loaded("v8js")) {
+ Utils::printWarning($context, Lang::V8JS_NOTLOADED);
+ return;
+ }
+
$pastResults = &$context->outputs->getResults();
$context->resetInternalValues();
$context->outputs->setResults($pastResults);
- if ((microtime(true) - $startTime) > $context->getLimitTime()) {
+ if ((microtime(true) - $startTime) > $context->getMaxFileAnalysisDuration()) {
Utils::printWarning($context, Lang::MAX_TIME_EXCEEDED);
return;
}
@@ -262,41 +220,41 @@ public function runInternalJs($context, $includedDefs = null, $transform = true)
$transformvisitor->setContext($context);
$transformvisitor->v8jsExecute();
- if ((microtime(true) - $startTime) > $context->getLimitTime()) {
+ if ((microtime(true) - $startTime) > $context->getMaxFileAnalysisDuration()) {
Utils::printWarning($context, Lang::MAX_TIME_EXCEEDED);
return;
}
- $this->runInternalAnalysis($context, $includedDefs);
+ $this->visitDataFlow($context);
}
}
}
- public function runAllInternal($context)
+ public function computeDataFlow($context)
{
- if (!file_exists($context->inputs->getFile()) && is_null($context->inputs->getCode())) {
+ $filename = $context->inputs->getFile();
+
+ if (!file_exists($filename) && is_null($context->inputs->getCode())) {
Utils::printWarning(
$context,
- Lang::FILE_DOESNT_EXIST." (".Utils::encodeCharacters($context->inputs->getFile()).")"
+ Lang::FILE_DOESNT_EXIST." (".Utils::encodeCharacters($filename).")"
);
- } elseif (is_null($context->inputs->getFile()) && is_null($context->inputs->getCode())) {
+ } elseif (is_null($filename) && is_null($context->inputs->getCode())) {
Utils::printWarning($context, Lang::FILE_AND_CODE_ARE_NULL);
} else {
if (is_null($context->inputs->getCode())
- && filesize($context->inputs->getFile()) > $context->getLimitSize()) {
+ && @filesize($filename) > $context->getMaxFileSize()) {
Utils::printWarning(
$context,
- Lang::MAX_SIZE_EXCEEDED." (".Utils::encodeCharacters($context->inputs->getFile()).")"
+ Lang::MAX_SIZE_EXCEEDED." (".Utils::encodeCharacters($filename).")"
);
} else {
- if ($context->inputs->isLanguage(Analyzer::PHP)) {
- $context->resetDataflow();
- $this->runInternalPhp($context);
- }
-
- if ($context->inputs->isLanguage(Analyzer::JS)) {
- $context->resetDataflow();
- $this->runInternalJs($context);
+ if (!$context->isFileDataAnalyzed($filename)) {
+ if ($context->inputs->isLanguage(Analyzer::PHP)) {
+ $this->computeDataFlowPhp($context);
+ } elseif ($context->inputs->isLanguage(Analyzer::JS)) {
+ $this->computeDataFlowJs($context);
+ }
}
}
}
@@ -313,38 +271,126 @@ public static function getTypeOfLanguage($lookfor, $content)
if ($lookfor === Analyzer::JS && !empty($content)) {
if (strpos($content, "var") !== false
- || strpos($content, "int") !== false
- || strpos($content, "this") !== false
- || strpos($content, "let") !== false
- || strpos($content, "export") !== false
- || strpos($content, "import") !== false) {
+ || strpos($content, "let") !== false
+ || strpos($content, "export") !== false
+ || strpos($content, "import") !== false) {
return true;
}
}
return false;
}
+
+ public function getNamespace($context, $file)
+ {
+ try {
+ if (@filesize($file) <= $context->getMaxFileSize()) {
+ $contents = @file_get_contents($file);
+ preg_match('/namespace (.*);/', $contents, $matches);
+ if (isset($matches[1])) {
+ $context->addFileandNamepace($file, $matches[1]);
+ }
+
+ $script = $this->parser->parse($contents, $file);
+
+ $traverser = new \PHPCfg\Traverser();
+ $callvisitor = new \progpilot\CallVisitor();
+ $callvisitor->setContext($context);
+ $traverser->addVisitor($callvisitor);
+ $traverser->traverse($script);
+ }
+ } catch (\Exception $e) {
+ Utils::printWarning($context, Lang::PARSER_ERROR.$e->getMessage());
+ }
+ }
+
+ public function computeDataFlowOfNamespaces($context, $file)
+ {
+ $nsCalls = $context->getCallsToNamespace($file);
+ if (!is_null($nsCalls)) {
+ foreach ($nsCalls as $nsCall) {
+ $fileToInclude = $context->getFileFromNamespace($nsCall);
+ if (!is_null($fileToInclude) && !$context->isFileDataAnalyzed($fileToInclude)) {
+ $myFileToInclude = new MyFile($fileToInclude, 0, 0);
+ $context->inputs->setFile($fileToInclude);
+ $context->setCurrentMyfile($myFileToInclude);
+
+ $this->computeDataFlow($context);
+
+ // file is now data analyzed
+ $context->addDataAnalyzedFile($fileToInclude);
+ // we look for namespaces of this file
+ $this->computeDataFlowOfNamespaces($context, $fileToInclude);
+ }
+ }
+ }
+ }
+
+ public function runAnalysisOfCurrentMyFile($context)
+ {
+ $functions = $context->getFunctions()->getFunctions();
+ $fileNameHash = hash("sha256", $context->getCurrentMyfile()->getName());
+
+ $myFuncsOfFile = [];
+ // we take all function except mains
+ if (isset($functions["$fileNameHash"])) {
+ $myFuncsToAnalyze = $functions["$fileNameHash"];
+ // we put the functions at the top (will be analyzed at first)
+ // could impact initialreturndef and funccall to be analyzed or not
+ foreach ($myFuncsToAnalyze as $myFuncsByClass) {
+ foreach ($myFuncsByClass as $myFunc) {
+ // func with global variables except to be analyzed/called from a main
+ if (!$myFunc->hasGlobalVariables() && $myFunc->getName() !== "{main}") {
+ $myFuncsOfFile[] = $myFunc;
+ }
+ }
+ }
+
+ foreach ($myFuncsToAnalyze as $myFuncsByClass) {
+ foreach ($myFuncsByClass as $myFunc) {
+ if ($myFunc->getName() == "{main}") {
+ $myFuncsOfFile[] = $myFunc;
+ }
+ }
+ }
+ }
+
+ foreach ($myFuncsOfFile as $myFunc) {
+ $this->runFunctionAnalysis($context, $myFunc);
+ $context->resetCallStack();
+ }
+ }
public function run($context, $cmdFiles = null)
{
+ $currentMemoryLimit = ini_get("memory_limit");
+ if (!$currentMemoryLimit) {
+ $currentMemoryLimit = 0;
+ }
+
+ $bytes = HelpersAnalysis::getBytes($currentMemoryLimit);
+ if ($bytes < $context->getMaxMemory()) {
+ $ret = ini_set('memory_limit', $context->getMaxMemory());
+ if (!$ret) {
+ Utils::printWarning($context, Lang::CANNOT_SET_MEMORY.$context->getMaxMemory());
+ }
+ }
+
$files = [];
$context->readConfiguration();
- $context->inputs->readExcludes();
- $context->inputs->readIncludes();
+ // try to resolve incorrect included/excluded file paths
+ $context->inputs->resolvePaths();
- $context->inputs->readDev();
+ // add all configurations inside frameworks folders except if overwritten
$context->inputs->readFrameworks();
- $context->inputs->readSanitizers();
- $context->inputs->readSinks();
- $context->inputs->readSources();
- $context->inputs->readResolvedIncludes();
- $context->inputs->readValidators();
- $context->inputs->readFalsePositives();
- $context->inputs->readCustomRules();
- $includedFiles = $context->inputs->getIncludedFiles();
- $includedFolders = $context->inputs->getIncludedFolders();
+ // add common configuration except if overwritten
+ $context->inputs->readDefaultSanitizers();
+ $context->inputs->readDefaultSinks();
+ $context->inputs->readDefaultSources();
+ $context->inputs->readDefaultValidators();
+ $context->inputs->readDefaultCustomRules();
if ($cmdFiles !== null) {
foreach ($cmdFiles as $cmdFile) {
@@ -359,17 +405,19 @@ public function run($context, $cmdFiles = null)
}
}
+ $includedFiles = $context->inputs->getInclusions();
+
foreach ($includedFiles as $includedFile) {
- if (!in_array($includedFile, $files, true)
+ if (is_dir($includedFile)) {
+ $this->getFilesOfDir($context, $includedFile, $files);
+ } else {
+ if (!in_array($includedFile, $files, true)
&& !$context->inputs->isExcludedFile($includedFile)) {
- $files[] = $includedFile;
+ $files[] = $includedFile;
+ }
}
}
- foreach ($includedFolders as $includedFolder) {
- $this->getFilesOfDir($context, $includedFolder, $files);
- }
-
if (!is_null($context->inputs->getFolder())) {
$this->getFilesOfDir($context, $context->inputs->getFolder(), $files);
} else {
@@ -382,29 +430,53 @@ public function run($context, $cmdFiles = null)
}
}
+ // a first pass to identify namespaces and calls
foreach ($files as $file) {
- $context->setCurrentNbDefs(0);
+ if (is_file($file)) {
+ $myFile = new MyFile($file, 0, 0);
+ $context->inputs->setFile($file);
+ $context->setCurrentMyfile($myFile);
- if ($context->getPrintFile()) {
- echo "progpilot analyze : ".Utils::encodeCharacters($file)."\n";
+ $this->getNamespace($context, $file);
}
+ }
+
+ foreach ($files as $file) {
+ if (is_file($file)) {
+ if ($context->isDebugMode()) {
+ echo "progpilot analyze : ".Utils::encodeCharacters($file)."\n";
+ }
- $context->outputs->setCountAnalyzedFiles(
- $context->outputs->getCountAnalyzedFiles() + 1
- );
+ $context->outputs->setCountAnalyzedFiles(
+ $context->outputs->getCountAnalyzedFiles() + 1
+ );
+
+ // for each file we look for required namespaces to include
+ $this->computeDataFlowOfNamespaces($context, $file);
+
+ $myFile = new MyFile($file, 0, 0);
+ $context->inputs->setFile($file);
+ $context->setCurrentMyfile($myFile);
- $myFile = new MyFile($file, 0, 0);
- $context->inputs->setFile($file);
- $context->setCurrentMyfile($myFile);
- $this->runAllInternal($context);
- $context->inputs->setCode(null);
+ $this->computeDataFlow($context);
+ // the file is now data analyzed
+ $context->addDataAnalyzedFile($file);
+ $this->runAnalysisOfCurrentMyFile($context);
+
+ $context->resetIncludedFiles();
+
+ // needed??
+ $context->inputs->setCode(null);
+ }
}
- if (count($files) === 0 && !is_null($context->inputs->getCode())) {
- $this->runAllInternal($context);
+ // if no files try to read code
+ if (empty($files) && !is_null($context->inputs->getCode())) {
+ $this->computeDataFlow($context);
+ $this->runAnalysis($context);
}
- if ($context->outputs->getResolveIncludes()) {
+ if ($context->outputs->getWriteIncludeFailures()) {
$context->outputs->writeIncludesFile();
}
}
diff --git a/package/src/progpilot/CallVisitor.php b/package/src/progpilot/CallVisitor.php
new file mode 100644
index 00000000..812901e6
--- /dev/null
+++ b/package/src/progpilot/CallVisitor.php
@@ -0,0 +1,73 @@
+context = $context;
+ }
+
+ public function enterScript(Script $script)
+ {
+ }
+
+ public function leaveScript(Script $script)
+ {
+ }
+
+ public function leaveFunc(Func $func)
+ {
+ }
+
+ public function enterFunc(Func $func)
+ {
+ }
+
+ public function enterBlock(Block $block, Block $prior = null)
+ {
+ }
+
+ public function skipBlock(Block $block, Block $prior = null)
+ {
+ }
+
+ public function leaveOp(Op $op, Block $block)
+ {
+ }
+
+ public function leaveBlock(Block $block, Block $prior = null)
+ {
+ }
+
+ public function enterOp(Op $op, Block $block)
+ {
+ if (isset($op->class->value)) {
+ if (strpos($op->class->value, "\\") !== false) {
+ preg_match('/(.*)\\\(.*)/', $op->class->value, $matches);
+ if (isset($matches[1])) {
+ // and $matches[2] is the name of the class
+ $this->context->addCallToNamespace($matches[1]);
+ }
+ }
+ }
+ }
+}
diff --git a/package/src/progpilot/Code/MyCode.php b/package/src/progpilot/Code/MyCode.php
index b03c5c62..03342f40 100644
--- a/package/src/progpilot/Code/MyCode.php
+++ b/package/src/progpilot/Code/MyCode.php
@@ -13,7 +13,6 @@
use progpilot\Objects\MyOp;
use progpilot\Objects\MyBlock;
use progpilot\Objects\MyDefinition;
-use progpilot\Objects\MyExpr;
use progpilot\Objects\MyFunction;
class MyCode
@@ -72,7 +71,7 @@ public static function readCode($context, $codeInput, $myJavascriptFile)
{
$myFunction = new MyFunction("{main}");
$context->setCurrentMycode($myFunction->getMyCode());
- $context->getFunctions()->addFunction($myFunction->getName(), $myFunction);
+ $context->getFunctions()->addFunction("file.js", "function", $myFunction->getName(), $myFunction);
$instFunc = new MyInstruction(Opcodes::ENTER_FUNCTION);
$instFunc->addProperty(MyInstruction::MYFUNC, $myFunction);
@@ -97,7 +96,7 @@ public static function readCode($context, $codeInput, $myJavascriptFile)
$edges = $codeInput[$nbInst ++];
$nbEdges = (int) $codeInput[$nbInst ++];
- $myBlock = new MyBlock;
+ $myBlock = new MyBlock($context->getCurrentLine(), $context->getCurrentColumn());
$myBlock->setId($myBlockId);
$myBlock->setStartAddressBlock(count($myFunction->getMyCode()->getCodes()));
@@ -140,6 +139,7 @@ public static function readCode($context, $codeInput, $myJavascriptFile)
$defColumn = (int) $codeInput[$nbInst ++];
$myDef = new MyDefinition($defLine, $defColumn, $defName);
+
$myDef->setSourceMyFile($myJavascriptFile);
$arrayDefinitions[] = $myDef;
@@ -181,21 +181,13 @@ public static function readCode($context, $codeInput, $myJavascriptFile)
$funcDefIdParam = (int) $codeInput[$nbInst ++];
$funcExprIdParam = (int) $codeInput[$nbInst ++];
$funcDefParam = $arrayDefinitions[$funcDefIdParam];
- $funcExprParam = $arrayExprs[$funcExprIdParam];
$instFuncCallMain->addProperty("argdef$j", $funcDefParam);
- $instFuncCallMain->addProperty("argexpr$j", $funcExprParam);
}
$funcExprString = $codeInput[$nbInst ++];
$funcExprId = (int) $codeInput[$nbInst ++];
- // !!!!????
- //$myExpr = $arrayExprs[$funcExprId];
- $myExpr = null;
-
$instFuncCallMain->addProperty(MyInstruction::MYFUNC_CALL, $myFunctionCall);
- $instFuncCallMain->addProperty(MyInstruction::EXPR, $myExpr);
- $instFuncCallMain->addProperty(MyInstruction::ARR, null);
$myFunction->getMyCode()->addCode($instFuncCallMain);
break;
@@ -230,41 +222,6 @@ public static function readCode($context, $codeInput, $myJavascriptFile)
case 'end_assign':
$myFunction->getMyCode()->addCode(new MyInstruction(Opcodes::END_ASSIGN));
- break;
-
- case 'start_expression':
- $myFunction->getMyCode()->addCode(new MyInstruction(Opcodes::START_EXPRESSION));
-
- break;
-
- case 'end_expression':
- $exprString = $codeInput[$nbInst ++];
- $exprLine = (int) $codeInput[$nbInst ++];
- $exprColumn = (int) $codeInput[$nbInst ++];
-
- $myExpr = new MyExpr($exprLine, $exprColumn);
-
- $exprIsAssign = $codeInput[$nbInst ++];
-
- if ($exprIsAssign === "true") {
- $exprDefAssignId = (int) $codeInput[$nbInst ++];
- $myExpr->setAssign(true);
- $myExpr->setAssignDef($exprDefAssignId);
- }
-
- $nbExprs = (int) $codeInput[$nbInst ++];
-
- $arrayExprs[] = $myExpr;
-
- for ($i = 0; $i < $nbExprs; $i ++) {
- $defId = (int) $codeInput[$nbInst ++];
- $myExpr->addDef($defId);
- }
-
- $instEndExpr = new MyInstruction(Opcodes::END_EXPRESSION);
- $instEndExpr->addProperty(MyInstruction::EXPR, $myExpr);
- $myFunction->getMyCode()->addCode($instEndExpr);
-
break;
}
}
@@ -281,34 +238,6 @@ public static function readCode($context, $codeInput, $myJavascriptFile)
}
}
- foreach ($arrayExprs as $myExpr) {
- $defs = $myExpr->getDefs();
- $myExpr->setDefs(array());
-
- if ($myExpr->isAssign()) {
- $defId = $myExpr->getAssignDef();
- if (isset($arrayDefinitions[$defId])) {
- $myDef = $arrayDefinitions[$defId];
- $myExpr->setAssignDef($myDef);
- }
- }
-
- foreach ($defs as $defId) {
- if (isset($arrayDefinitions[$defId])) {
- $myDef = $arrayDefinitions[$defId];
- $myExpr->addDef($myDef);
- }
- }
- }
-
- foreach ($arrayDefinitions as $myDef) {
- $expr = $myDef->getExpr();
-
- if (isset($arrayExprs[$expr])) {
- $myExpr = $arrayExprs[$expr];
- $myDef->setExpr($myExpr);
- }
- }
$instFunc = new MyInstruction(Opcodes::LEAVE_FUNCTION);
$instFunc->addProperty(MyInstruction::MYFUNC, $myFunction);
@@ -322,6 +251,7 @@ public static function readCode($context, $codeInput, $myJavascriptFile)
public function printStdout()
{
$index = 0;
+ $currentFunc = null;
do {
if (isset($this->code[$index])) {
@@ -329,21 +259,22 @@ public function printStdout()
echo "[$index] ";
switch ($instruction->getOpcode()) {
case Opcodes::ENTER_FUNCTION:
- echo Opcodes::ENTER_FUNCTION."\n";
+ echo "Opcodes::ENTER_FUNCTION\n";
$myFunc = $instruction->getProperty(MyInstruction::MYFUNC);
+ $currentFunc = $myFunc;
echo "name = ".htmlentities($myFunc->getName(), ENT_QUOTES, 'UTF-8')."\n";
break;
case Opcodes::CLASSE:
- echo Opcodes::CLASSE."\n";
+ echo "Opcodes::CLASSE\n";
$myClass = $instruction->getProperty(MyInstruction::MYCLASS);
echo "name = ".htmlentities($myClass->getName(), ENT_QUOTES, 'UTF-8')."\n";
break;
case Opcodes::ENTER_BLOCK:
- echo Opcodes::ENTER_BLOCK."\n";
+ echo "Opcodes::ENTER_BLOCK\n";
$myBlock = $instruction->getProperty(MyInstruction::MYBLOCK);
echo "id = ".$myBlock->getId()."\n";
@@ -351,7 +282,7 @@ public function printStdout()
break;
case Opcodes::LEAVE_BLOCK:
- echo Opcodes::LEAVE_BLOCK."\n";
+ echo "Opcodes::LEAVE_BLOCK\n";
$myBlock = $instruction->getProperty(MyInstruction::MYBLOCK);
echo "id = ".$myBlock->getId()."\n";
@@ -359,13 +290,13 @@ public function printStdout()
break;
case Opcodes::LEAVE_FUNCTION:
- echo Opcodes::LEAVE_FUNCTION."\n";
+ echo "Opcodes::LEAVE_FUNCTION\n";
break;
case Opcodes::FUNC_CALL:
- echo Opcodes::FUNC_CALL."\n";
+ echo "Opcodes::FUNC_CALL\n";
$funcname = htmlentities(
$instruction->getProperty(MyInstruction::FUNCNAME),
@@ -375,70 +306,144 @@ public function printStdout()
echo "name = $funcname\n";
break;
- case Opcodes::START_EXPRESSION:
- echo Opcodes::START_EXPRESSION."\n";
- break;
-
- case Opcodes::END_EXPRESSION:
- echo Opcodes::END_EXPRESSION."\n";
- $myExpr = $instruction->getProperty(MyInstruction::EXPR);
- echo "expression et tainted = ".$myExpr->isTainted()."\n";
- break;
-
case Opcodes::CONCAT_LIST:
- echo Opcodes::CONCAT_LIST."\n";
+ echo "Opcodes::CONCAT_LIST\n";
break;
case Opcodes::CONCAT_LEFT:
- echo Opcodes::CONCAT_LEFT."\n";
+ echo "Opcodes::CONCAT_LEFT\n";
break;
case Opcodes::CONCAT_RIGHT:
- echo Opcodes::CONCAT_RIGHT."\n";
+ echo "Opcodes::CONCAT_RIGHT\n";
break;
case Opcodes::RETURN_FUNCTION:
- echo Opcodes::RETURN_FUNCTION."\n";
+ echo "Opcodes::RETURN_FUNCTION\n";
break;
case Opcodes::START_ASSIGN:
- echo Opcodes::START_ASSIGN."\n";
+ echo "Opcodes::START_ASSIGN\n";
break;
case Opcodes::END_ASSIGN:
- echo Opcodes::END_ASSIGN."\n";
+ echo "Opcodes::END_ASSIGN\n";
break;
case Opcodes::COND_BOOLEAN_NOT:
- echo Opcodes::COND_BOOLEAN_NOT."\n";
+ echo "Opcodes::COND_BOOLEAN_NOT\n";
break;
case Opcodes::COND_START_IF:
- echo Opcodes::COND_START_IF."\n";
- break;
-
- case Opcodes::TEMPORARY:
- echo Opcodes::TEMPORARY."\n";
- $listOfMyTemp = [];
- if ($instruction->isPropertyExist(MyInstruction::PHI)) {
- for ($i = 0; $i < $instruction->getProperty(MyInstruction::PHI); $i++) {
- $listOfMyTemp[] = $instruction->getProperty("temp_".$i);
- }
- } else {
- $listOfMyTemp[] = $instruction->getProperty(MyInstruction::TEMPORARY);
+ echo "Opcodes::COND_START_IF\n";
+ break;
+
+ case Opcodes::DEFINITION:
+ echo "Opcodes::DEFINITION\n";
+ $defname = htmlentities(
+ $instruction->getProperty(MyInstruction::DEF)->getName(),
+ ENT_QUOTES,
+ 'UTF-8'
+ );
+ echo "name = $defname\n";
+
+ $instruction->getProperty(MyInstruction::DEF)->printStdout();
+
+ break;
+
+ case Opcodes::PROPERTY_FETCH:
+ echo "Opcodes::PROPERTY_FETCH\n";
+ $propertyName = htmlentities(
+ $instruction->getProperty(MyInstruction::PROPERTY_NAME),
+ ENT_QUOTES,
+ 'UTF-8'
+ );
+ echo "property name = $propertyName\n";
+
+ break;
+
+ case Opcodes::STATIC_PROPERTY_FETCH:
+ echo "Opcodes::STATIC_PROPERTY_FETCH\n";
+ $propertyName = htmlentities(
+ $instruction->getProperty(MyInstruction::PROPERTY_NAME),
+ ENT_QUOTES,
+ 'UTF-8'
+ );
+ echo "property name = $propertyName\n";
+
+ break;
+
+ case Opcodes::ARRAYDIM_FETCH:
+ echo "Opcodes::ARRAYDIM_FETCH\n";
+ $varid = $instruction->getProperty(MyInstruction::VARID);
+ $exprid = $instruction->getProperty(MyInstruction::EXPRID);
+ echo "varid = '$varid'\n";
+ echo "exprid = '$exprid'\n";
+ $arrayDim = $instruction->getProperty(MyInstruction::ARRAY_DIM);
+ echo "array dim = $arrayDim\n";
+
+ break;
+
+ case Opcodes::VARIABLE_FETCH:
+ echo "Opcodes::VARIABLE_FETCH\n";
+ $varid = $instruction->getProperty(MyInstruction::VARID);
+ $exprid = $instruction->getProperty(MyInstruction::EXPRID);
+ echo "varid = '$varid'\n";
+ echo "exprid = '$exprid'\n";
+ $instruction->getProperty(MyInstruction::DEF)->printStdout();
+
+ break;
+
+ case Opcodes::VARIABLE:
+ echo "Opcodes::VARIABLE\n";
+ $variableName = $instruction->getProperty(MyInstruction::VARIABLE_NAME);
+ echo "variable name = $variableName\n";
+
+ break;
+
+ case Opcodes::ASSIGN:
+ echo "Opcodes::ASSIGN\n";
+
+ break;
+
+ case Opcodes::ARGUMENT:
+ echo "Opcodes::ARGUMENT\n";
+
+ break;
+
+ case Opcodes::CAST:
+ echo "Opcodes::CAST\n";
+
+ break;
+
+ case Opcodes::CONST_FETCH:
+ echo "Opcodes::CONST_FETCH\n";
+
+ break;
+
+ case Opcodes::LITERAL_FETCH:
+ echo "Opcodes::LITERAL_FETCH\n";
+ $def = $instruction->getProperty(MyInstruction::DEF);
+ if (isset($def->getCurrentState()->getLastKnownValues()[0])) {
+ $literal = $def->getCurrentState()->getLastKnownValues()[0];
+ echo "literal = $literal\n";
}
- foreach ($listOfMyTemp as $def) {
- $def->printStdout();
- }
+ break;
+ case Opcodes::ITERATOR:
+ echo "Opcodes::ITERATOR\n";
+
break;
- case Opcodes::DEFINITION:
- echo Opcodes::DEFINITION."\n";
- $def = $instruction->getProperty(MyInstruction::DEF);
- $def->printStdout();
+ case Opcodes::ARRAY_EXPR:
+ echo "Opcodes::ARRAY_EXPR\n";
+
+ break;
+ case Opcodes::BINARYOP:
+ echo "Opcodes::BINARYOP\n";
+
break;
}
diff --git a/package/src/progpilot/Code/MyInstruction.php b/package/src/progpilot/Code/MyInstruction.php
index 2247b371..e056b898 100644
--- a/package/src/progpilot/Code/MyInstruction.php
+++ b/package/src/progpilot/Code/MyInstruction.php
@@ -12,38 +12,30 @@
class MyInstruction
{
- /*
- const MYBLOCK = 1;
- const MYBLOCK_IF = 2;
- const MYBLOCK_ELSE = 3;
- const MYFUNC = 4;
- const NOT_BOOLEAN = 5;
- const EXPR = 6;
- const MYCLASS = 7;
- const DEF = 8;
- const RETURN_DEFS = 9;
- const FUNCNAME = 10;
- const TYPE_INCLUDE = 11;
- const MYFUNC_CALL = 12;
- const ARR = 13;
- const TEMPORARY = 14;
- */
-
- const MYBLOCK = "myblock";
- const MYBLOCK_IF = "myblock_if";
- const MYBLOCK_ELSE = "myblock_else";
- const MYFUNC = "myfunc";
- const NOT_BOOLEAN = "not_boolean";
- const EXPR = "expr";
- const MYCLASS = "myclass";
- const DEF = "def";
- const RETURN_DEFS = "return_defs";
- const FUNCNAME = "funcname";
- const TYPE_INCLUDE = "type_include";
- const MYFUNC_CALL = "myfunc_call";
- const ARR = "arr";
- const TEMPORARY = "temporary";
- const PHI = "phi";
+ const MYBLOCK = 1;
+ const MYBLOCK_IF = 2;
+ const MYBLOCK_ELSE = 3;
+ const MYFUNC = 4;
+ const NOT_BOOLEAN = 5;
+ const MYCLASS = 7;
+ const DEF = 8;
+ const RETURN_DEFS = 9;
+ const FUNCNAME = 10;
+ const TYPE_INCLUDE = 11;
+ const MYFUNC_CALL = 12;
+ const PHI = 15;
+ const ORIGINAL_DEF = 16;
+ const ARRAY_DIM = 17;
+ const PROPERTY_NAME = 18;
+ const VARID = 19;
+ const RESULTID = 20;
+ const VARIABLE_NAME = 21;
+ const VARIABLE = 22;
+ const LITERAL = 23;
+ const EXPRID = 24;
+ const LEFTID = 25;
+ const RIGHTID = 26;
+ const REFERENCE = 27;
private $properties;
private $opcode;
@@ -66,7 +58,11 @@ public function isPropertyExist($index)
public function getProperty($index)
{
- return $this->properties[$index];
+ if (isset($this->properties[$index])) {
+ return $this->properties[$index];
+ }
+
+ return null;
}
public function getOpcode()
diff --git a/package/src/progpilot/Code/Opcodes.php b/package/src/progpilot/Code/Opcodes.php
index 3ef3a680..42dd3eb9 100644
--- a/package/src/progpilot/Code/Opcodes.php
+++ b/package/src/progpilot/Code/Opcodes.php
@@ -12,47 +12,34 @@
class Opcodes
{
- const LEAVE_BLOCK = "leave_block";
- const ENTER_BLOCK = "enter_block";
- const ENTER_FUNCTION = "enter_func";
- const LEAVE_FUNCTION = "leave_func";
- const DEFINITION = "definition";
- const START_ASSIGN = "start_assign";
- const END_ASSIGN = "end_assign";
- const START_EXPRESSION = "start_expression";
- const END_EXPRESSION = "end_expression";
- const TEMPORARY = "temporarySimple";
- const CONCAT_LEFT = "concat_left";
- const CONCAT_RIGHT = "concat_right";
- const CONCAT_LIST = "concat_list";
- const FUNC_CALL = "funccall";
- const RETURN_FUNCTION = "return";
- const CLASSE = "class";
- const ASSERTION = "assertion";
- const COND_START_IF = "condition_start_if";
- const COND_BOOLEAN_NOT = "condition_boolean_not";
- const NEW_INCLUDE = "new_include";
-
- /*
- const LEAVE_BLOCK = 0;
- const ENTER_BLOCK = 1;
- const ENTER_FUNCTION = 2;
- const LEAVE_FUNCTION = 3;
- const DEFINITION = 4;
- const START_ASSIGN = 5;
- const END_ASSIGN = 6;
- const START_EXPRESSION = 7;
- const END_EXPRESSION = 8;
- const TEMPORARY = 9;
- const CONCAT_LEFT = 10;
- const CONCAT_RIGHT = 11;
- const CONCAT_LIST = 12;
- const FUNC_CALL = 13;
- const RETURN_FUNCTION = 14;
- const CLASSE = 15;
- const ASSERTION = 16;
- const COND_START_IF = 17;
- const COND_BOOLEAN_NOT = 18;
- const NEW_INCLUDE = 19;
- */
+ const LEAVE_BLOCK = 1;
+ const ENTER_BLOCK = 2;
+ const ENTER_FUNCTION = 3;
+ const LEAVE_FUNCTION = 4;
+ const DEFINITION = 5;
+ const START_ASSIGN = 6;
+ const END_ASSIGN = 7;
+ const CONCAT_LEFT = 11;
+ const CONCAT_RIGHT = 12;
+ const CONCAT_LIST = 13;
+ const FUNC_CALL = 14;
+ const RETURN_FUNCTION = 15;
+ const CLASSE = 16;
+ const ASSERTION = 17;
+ const COND_START_IF = 18;
+ const COND_BOOLEAN_NOT = 19;
+ const NEW_INCLUDE = 20;
+ const PROPERTY_FETCH = 21;
+ const ARRAYDIM_FETCH = 22;
+ const VARIABLE = 23;
+ const ASSIGN = 24;
+ const ARGUMENT = 25;
+ const VARIABLE_FETCH = 26;
+ const LITERAL_FETCH = 27;
+ const STATIC_PROPERTY_FETCH = 28;
+ const CAST = 29;
+ const CONST_FETCH = 30;
+ const ITERATOR = 31;
+ const ARRAY_EXPR = 32;
+ const BINARYOP = 33;
}
diff --git a/package/src/progpilot/Command/ProgpilotCommand.php b/package/src/progpilot/Command/ProgpilotCommand.php
index 5c8610ff..c8020dc4 100644
--- a/package/src/progpilot/Command/ProgpilotCommand.php
+++ b/package/src/progpilot/Command/ProgpilotCommand.php
@@ -52,12 +52,13 @@ protected function execute(InputInterface $input, OutputInterface $output)
$context = new \progpilot\Context;
$analyzer = new \progpilot\Analyzer;
- if (!is_null($input->getOption('configuration'))) {
- $context->setConfiguration($input->getOption('configuration'));
- }
-
- $cmdFiles = $this->input->getArgument('files');
try {
+ if (!is_null($input->getOption('configuration'))) {
+ $context->setConfiguration($input->getOption('configuration'));
+ }
+
+ $cmdFiles = $this->input->getArgument('files');
+
$analyzer->run($context, $cmdFiles);
if ($context->getPrettyPrint()) {
@@ -69,8 +70,12 @@ protected function execute(InputInterface $input, OutputInterface $output)
if (count($context->outputs->getResults()) > 0) {
return 1;
}
- } catch (Exception $e) {
- echo Lang::GLOBAL_ERROR.$e->getMessage()." file : ".$e->getFile()." line : ".$e->getLine()."\n";
+ } catch (\Exception $e) {
+ echo $e->getMessage()."\n";
+
+ if ($context->isDebugMode()) {
+ echo "Exception raised on file : ".$e->getFile()." line : ".$e->getLine()."\n";
+ }
}
return 0;
diff --git a/package/src/progpilot/Console/Application.php b/package/src/progpilot/Console/Application.php
index 19108675..f84b8634 100644
--- a/package/src/progpilot/Console/Application.php
+++ b/package/src/progpilot/Console/Application.php
@@ -26,16 +26,9 @@ public function __construct()
public function run(InputInterface $input = null, OutputInterface $output = null)
{
- $this->setCatchExceptions(false);
-
- try {
- $statusCode = parent::run($input, $output);
- } catch (\Exception $e) {
- echo "\n\n".$e->getMessage()."\n\n";
- }
+ parent::run($input, $output);
}
-
public function getDefinition()
{
$inputDefinition = parent::getDefinition();
diff --git a/package/src/progpilot/Context.php b/package/src/progpilot/Context.php
index 8f534e5c..2d746cfc 100644
--- a/package/src/progpilot/Context.php
+++ b/package/src/progpilot/Context.php
@@ -10,136 +10,8 @@
namespace progpilot;
-use Symfony\Component\Yaml\Exception\ParseException;
-use Symfony\Component\Yaml\Parser;
-use progpilot\Utils;
-
-class Context
+class Context extends ContextInternalApi
{
- private $arrayIncludes;
- private $arrayRequires;
-
- private $currentMyCode;
- private $currentOp;
- private $currentBlock;
- private $currentLine;
- private $currentColumn;
- private $currentFunc;
- private $currentMyFile;
- private $currentNbDefs;
- private $myFiles;
- private $classes;
- private $objects;
- private $functions;
- private $path;
- private $analyzeHardRules;
- private $analyzeFunctions;
- private $analyzeIncludes;
- private $printFileUnderAnalysis;
- private $configurationFile;
- private $printWarning;
- private $prettyPrint;
- private $limitTime;
- private $limitDefs;
- private $limitSize;
- private $limitValues;
-
- public $inputs;
- public $outputs;
-
- public function __construct()
- {
- $this->configurationFile = null;
- $this->analyzeHardRules = false;
- $this->analyzeFunctions = true;
- $this->analyzeIncludes = true;
- $this->printFileUnderAnalysis = false;
- $this->printWarning = false;
- $this->prettyPrint = true;
- $this->limitTime = 10;
- $this->limitDefs = 3000;
- $this->limitSize = 500000;
- $this->currentNbDefs = 0;
-
- $this->inputs = new \progpilot\Inputs\MyInputs;
- $this->outputs = new \progpilot\Outputs\MyOutputs;
-
- $this->objects = new \progpilot\Dataflow\Objects;
- $this->classes = new \progpilot\Dataflow\Classes;
- $this->functions = new \progpilot\Dataflow\Functions;
-
- $this->resetInternalValues();
-
- $this->currentMyFile = null;
- $this->myfiles = [];
- $this->arrayIncludes = [];
- $this->arrayRequires = [];
- }
-
- public function getCurrentNbDefs()
- {
- return $this->currentNbDefs;
- }
-
- public function setCurrentNbDefs($currentNbDefs)
- {
- $this->currentNbDefs = $currentNbDefs;
- }
-
- public function resetInternalLowvalues()
- {
- $this->currentOp = null;
- $this->currentBlock = null;
- $this->currentLine = -1;
- $this->currentColumn = -1;
- $this->currentFunc = null;
- $this->currentMyCode = null;
- $this->path = null;
- }
-
- public function resetInternalValues()
- {
- $this->resetInternalLowvalues();
-
- unset($this->currentMyCode);
-
- $this->inputs->setCode(null);
- // representations (cfg, ast ...) are deleted to avoid memory grown
- //$this->outputs = new \progpilot\Outputs\MyOutputs;
- $this->outputs->resetRepresentations();
- }
-
- public function resetDataflow()
- {
- unset($this->objects);
- unset($this->classes);
- unset($this->functions);
-
- $this->objects = new \progpilot\Dataflow\Objects;
- $this->classes = new \progpilot\Dataflow\Classes;
- $this->functions = new \progpilot\Dataflow\Functions;
- }
-
- public function setArrayIncludes($arrayIncludes)
- {
- $this->arrayIncludes = $arrayIncludes;
- }
-
- public function setArrayRequires($arrayRequires)
- {
- $this->arrayRequires = $arrayRequires;
- }
-
- public function getArrayIncludes()
- {
- return $this->arrayIncludes;
- }
-
- public function getArrayRequires()
- {
- return $this->arrayRequires;
- }
-
public function setPrettyPrint($bool)
{
$this->prettyPrint = $bool;
@@ -150,59 +22,59 @@ public function getPrettyPrint()
return $this->prettyPrint;
}
- public function setPrintWarning($bool)
+ public function setDebugMode($bool)
{
- $this->printWarning = $bool;
+ $this->debugMode = $bool;
}
- public function getPrintWarning()
+ public function isDebugMode()
{
- return $this->printWarning;
+ return $this->debugMode;
}
- public function setLimitDefs($limitDefs)
+ public function setMaxDefinitions($maxDefinitions)
{
- $this->limitDefs = $limitDefs;
+ $this->maxDefinitions = $maxDefinitions;
}
- public function getLimitDefs()
+ public function getMaxDefinitions()
{
- return $this->limitDefs;
+ return $this->maxDefinitions;
}
- public function setLimitTime($limitTime)
+ public function setMaxFileAnalysisDuration($maxFileAnalysisDuration)
{
- $this->limitTime = $limitTime;
+ $this->maxFileAnalysisDuration = $maxFileAnalysisDuration;
}
- public function getLimitTime()
+ public function getMaxFileAnalysisDuration()
{
- return $this->limitTime;
+ return $this->maxFileAnalysisDuration;
}
- public function setLimitSize($limitSize)
+ public function setMaxFileSize($maxFileSize)
{
- $this->limitSize = $limitSize;
+ $this->maxFileSize = $maxFileSize;
}
- public function getLimitSize()
+ public function getMaxFileSize()
{
- return $this->limitSize;
+ return $this->maxFileSize;
}
- public function getAnalyzeHardrules()
+ public function setMaxMemory($maxMemory)
{
- return $this->analyzeHardRules;
+ $this->maxMemory = $maxMemory;
}
- public function getAnalyzeIncludes()
+ public function getMaxMemory()
{
- return $this->analyzeIncludes;
+ return $this->maxMemory;
}
- public function setAnalyzeHardRules($analyzeHardRules)
+ public function getAnalyzeIncludes()
{
- $this->analyzeHardRules = $analyzeHardRules;
+ return $this->analyzeIncludes;
}
public function setAnalyzeIncludes($analyzeIncludes)
@@ -210,146 +82,6 @@ public function setAnalyzeIncludes($analyzeIncludes)
$this->analyzeIncludes = $analyzeIncludes;
}
- public function setAnalyzeFunctions($analyzeFunctions)
- {
- $this->analyzeFunctions = $analyzeFunctions;
- }
-
- public function getAnalyzeFunctions()
- {
- return $this->analyzeFunctions;
- }
-
- public function getCurrentMycode()
- {
- return $this->currentMyCode;
- }
-
- public function getCurrentOp()
- {
- return $this->currentOp;
- }
-
- public function getCurrentBlock()
- {
- return $this->currentBlock;
- }
-
- public function getCurrentLine()
- {
- return $this->currentLine;
- }
-
- public function getCurrentColumn()
- {
- return $this->currentColumn;
- }
-
- public function getCurrentFunc()
- {
- return $this->currentFunc;
- }
-
- public function getObjects()
- {
- return $this->objects;
- }
-
- public function getClasses()
- {
- return $this->classes;
- }
-
- public function getFunctions()
- {
- return $this->functions;
- }
-
- public function getInputs()
- {
- return $this->inputs;
- }
-
- public function getOutputs()
- {
- return $this->outputs;
- }
-
- public function getPath()
- {
- return $this->path;
- }
-
- public function getCurrentMyfile()
- {
- return $this->currentMyFile;
- }
-
- public function setCurrentMyfile($myFile)
- {
- $this->currentMyFile = $myFile;
- }
-
- public function setPath($path)
- {
- $this->path = $path;
- }
-
- public function setCurrentMycode($myCode)
- {
- $this->currentMyCode = $myCode;
- }
-
- public function setCurrentOp($currentOp)
- {
- $this->currentOp = $currentOp;
- }
-
- public function setCurrentBlock($currentBlock)
- {
- $this->currentBlock = $currentBlock;
- }
-
- public function setCurrentLine($currentLine)
- {
- $this->currentLine = $currentLine;
- }
-
- public function setCurrentColumn($currentColumn)
- {
- $this->currentColumn = $currentColumn;
- }
-
- public function setCurrentFunc($currentFunc)
- {
- $this->currentFunc = $currentFunc;
- }
-
- public function setObjects($objects)
- {
- $this->objects = $objects;
- }
-
- public function setClasses($classes)
- {
- $this->classes = $classes;
- }
-
- public function setFunctions($functions)
- {
- $this->functions = $functions;
- }
-
- public function setInputs($inputs)
- {
- $this->inputs = $inputs;
- }
-
- public function setOutputs($outputs)
- {
- $this->outputs = $outputs;
- }
-
public function setConfiguration($file)
{
$this->configurationFile = $file;
@@ -359,148 +91,4 @@ public function getConfiguration()
{
return $this->configurationFile;
}
-
- public function setPrintFile($bool)
- {
- $this->printFileUnderAnalysis = $bool;
- }
-
- public function getPrintFile()
- {
- return $this->printFileUnderAnalysis;
- }
-
- public function readConfiguration()
- {
- if (!is_null($this->configurationFile)) {
- try {
- if (file_exists($this->configurationFile)) {
- $yaml = new Parser();
- $value = $yaml->parse(file_get_contents($this->configurationFile));
-
- if (is_array($value)) {
- if (isset($value["inputs"])) {
- if (isset($value["inputs"]["setCustomRules"])) {
- $this->inputs->setCustomRules($value["inputs"]["setCustomRules"]);
- }
-
- if (isset($value["inputs"]["setSources"])) {
- $this->inputs->setSources($value["inputs"]["setSources"]);
- }
-
- if (isset($value["inputs"]["setSinks"])) {
- $this->inputs->setSinks($value["inputs"]["setSinks"]);
- }
-
- if (isset($value["inputs"]["setValidators"])) {
- $this->inputs->setValidators($value["inputs"]["setValidators"]);
- }
-
- if (isset($value["inputs"]["setSanitizers"])) {
- $this->inputs->setSanitizers($value["inputs"]["setSanitizers"]);
- }
-
- if (isset($value["inputs"]["setIncludes"])) {
- $this->inputs->setIncludes($value["inputs"]["setIncludes"]);
- }
-
- if (isset($value["inputs"]["setExcludes"])) {
- $this->inputs->setExcludes($value["inputs"]["setExcludes"]);
- }
-
- if (isset($value["inputs"]["setFolder"])) {
- $this->inputs->setFolder($value["inputs"]["setFolder"]);
- }
-
- if (isset($value["inputs"]["setFile"])) {
- $this->inputs->setFile($value["inputs"]["setFile"]);
- }
-
- if (isset($value["inputs"]["setCode"])) {
- $this->inputs->setCode($value["inputs"]["setCode"]);
- }
-
- if (isset($value["inputs"]["setResolvedIncludes"])) {
- $this->inputs->setResolvedIncludes($value["inputs"]["setResolvedIncludes"]);
- }
-
- if (isset($value["inputs"]["setFalsePositives"])) {
- $this->inputs->setFalsePositives($value["inputs"]["setFalsePositives"]);
- }
-
- if (isset($value["inputs"]["setLanguages"])) {
- $this->inputs->setLanguages($value["inputs"]["setLanguages"]);
- }
-
- if (isset($value["inputs"]["setFrameworks"])) {
- $this->inputs->setFrameworks($value["inputs"]["setFrameworks"]);
- }
-
- if (isset($value["inputs"]["setDev"])) {
- $this->inputs->setDev($value["inputs"]["setDev"]);
- }
- }
-
- if (isset($value["outputs"])) {
- if (isset($value["outputs"]["taintedFlow"])) {
- $this->outputs->taintedFlow($value["outputs"]["taintedFlow"]);
- }
-
- if (isset($value["outputs"]["resolveIncludes"])) {
- $this->outputs->resolveIncludes($value["outputs"]["resolveIncludes"]);
- }
-
- if (isset($value["outputs"]["resolveIncludesFile"])) {
- $this->outputs->resolveIncludesFile($value["outputs"]["resolveIncludesFile"]);
- }
-
- if (isset($value["outputs"]["onAddResult"])) {
- $this->outputs->setOnAddResult($value["outputs"]["onAddResult"]);
- }
- }
-
- if (isset($value["options"])) {
- if (isset($value["options"]["setAnalyzeHardRules"])) {
- $this->setAnalyzeHardRules($value["options"]["setAnalyzeHardRules"]);
- }
-
- if (isset($value["options"]["setAnalyzeIncludes"])) {
- $this->setAnalyzeIncludes($value["options"]["setAnalyzeIncludes"]);
- }
-
- if (isset($value["options"]["setAnalyzeFunctions"])) {
- $this->setAnalyzeFunctions($value["options"]["setAnalyzeFunctions"]);
- }
-
- if (isset($value["options"]["setPrintFile"])) {
- $this->setPrintFile($value["options"]["setPrintFile"]);
- }
-
- if (isset($value["options"]["setLimitTime"])) {
- $this->setLimitTime($value["options"]["setLimitTime"]);
- }
-
- if (isset($value["options"]["setLimitDefs"])) {
- $this->setLimitDefs($value["options"]["setLimitDefs"]);
- }
-
- if (isset($value["options"]["setLimitSize"])) {
- $this->setLimitSize($value["options"]["setLimitSize"]);
- }
-
- if (isset($value["options"]["setPrintWarning"])) {
- $this->setPrintWarning($value["options"]["setPrintWarning"]);
- }
-
- if (isset($value["options"]["setPrettyPrint"])) {
- $this->setPrettyPrint($value["options"]["setPrettyPrint"]);
- }
- }
- }
- }
- } catch (ParseException $e) {
- Utils::printError($context, Lang::UNABLE_TO_PARSER_YAML);
- }
- }
- }
}
diff --git a/package/src/progpilot/ContextInternalApi.php b/package/src/progpilot/ContextInternalApi.php
new file mode 100644
index 00000000..3af9f575
--- /dev/null
+++ b/package/src/progpilot/ContextInternalApi.php
@@ -0,0 +1,561 @@
+configurationFile = null;
+ $this->analyzeIncludes = true;
+ $this->debugMode = false;
+ $this->prettyPrint = true;
+ $this->maxFileAnalysisDuration = 30;
+ $this->maxDefinitions = 500;
+ $this->maxFileSize = 1000000;
+ $this->maxMemory = 4000000000; // 4GB
+
+ $this->inputs = new \progpilot\Inputs\MyInputs;
+ $this->outputs = new \progpilot\Outputs\MyOutputs;
+
+ $this->objects = new \progpilot\Dataflow\Objects;
+ $this->classes = new \progpilot\Dataflow\Classes;
+ $this->functions = new \progpilot\Dataflow\Functions;
+
+ $this->resetInternalValues();
+
+ $this->currentFunc = null;
+ $this->currentMyFile = null;
+ $this->arrayIncludes = [];
+ $this->arrayRequires = [];
+ $this->analyzedDataFiles = [];
+
+ $this->defsMain = [];
+ $this->tmpfunctions = [];
+ $this->callStack = [];
+ }
+
+ public function pushToCallStack($val)
+ {
+ array_push($this->callStack, $val);
+ }
+
+ public function popFromCallStack()
+ {
+ return array_pop($this->callStack);
+ }
+
+ public function setCallStack($callStack)
+ {
+ $this->callStack = $callStack;
+ }
+
+ public function getCallStack()
+ {
+ return $this->callStack;
+ }
+
+ public function inCallStack($curFunc)
+ {
+ foreach ($this->callStack as $call) {
+ $callFunc = $call[0];
+
+ if ($callFunc->getName() === $curFunc->getName()
+ && !$callFunc->isType(MyFunction::TYPE_FUNC_METHOD)
+ && !$curFunc->isType(MyFunction::TYPE_FUNC_METHOD)) {
+ return true;
+ }
+
+ if ($callFunc->getName() === $curFunc->getName()
+ && $callFunc->isType(MyFunction::TYPE_FUNC_METHOD)
+ && $curFunc->isType(MyFunction::TYPE_FUNC_METHOD)) {
+ $curClass = $curFunc->getMyClass();
+ $callClass = $callFunc->getMyClass();
+
+ if ($curClass->getName() === $callClass->getName()) {
+ return true;
+ }
+
+ $curClassExtends = $curClass->getExtendsOf();
+ $callClassExtends = $callClass->getExtendsOf();
+
+ if (isset($curClassExtends) && isset($callClassExtends)
+ && $curClassExtends === $callClassExtends) {
+ return true;
+ }
+ }
+ }
+
+ return false;
+ }
+
+ public function addTmpFunctions($myfunc)
+ {
+ $this->tmpfunctions[] = $myfunc;
+ }
+
+ public function clearTmpFunctions()
+ {
+ $this->tmpfunctions = [];
+ }
+
+ public function getTmpFunctions()
+ {
+ return $this->tmpfunctions;
+ }
+
+ public function addDataAnalyzedFile($file)
+ {
+ if (!in_array($file, $this->analyzedDataFiles)) {
+ $this->analyzedDataFiles[] = $file;
+ }
+ }
+
+ public function isFileDataAnalyzed($file)
+ {
+ return in_array($file, $this->analyzedDataFiles);
+ }
+
+ public function getDefsMain()
+ {
+ return $this->defsMain;
+ }
+
+ public function setDefsMain($defsMain)
+ {
+ $this->defsMain = $defsMain;
+ }
+
+ public function addFileandNamepace($file, $namespace)
+ {
+ $this->namespaces["$namespace"] = $file;
+ }
+
+ public function getFileFromNamespace($namespace)
+ {
+ if (isset($this->namespaces["$namespace"])) {
+ return $this->namespaces["$namespace"];
+ }
+
+ return null;
+ }
+
+ public function addCallToNamespace($namespace)
+ {
+ if (!isset($this->calltonamespaces["".$this->currentMyFile->getName().""])) {
+ $this->calltonamespaces["".$this->currentMyFile->getName().""] = [];
+ }
+
+ if (!in_array($namespace, $this->calltonamespaces["".$this->currentMyFile->getName().""], true)) {
+ $this->calltonamespaces["".$this->currentMyFile->getName().""][] = $namespace;
+ }
+ }
+
+ public function getCallsToNamespace($file)
+ {
+ if (isset($this->calltonamespaces["$file"])) {
+ return $this->calltonamespaces["$file"];
+ }
+
+ return null;
+ }
+
+ public function resetInternalLowvalues()
+ {
+ $this->currentOp = null;
+ $this->currentBlock = null;
+ $this->currentLine = -1;
+ $this->currentColumn = -1;
+ $this->currentFunc = null;
+ $this->currentMyCode = null;
+ }
+
+ public function resetInternalValues()
+ {
+ $this->resetInternalLowvalues();
+
+ $this->inputs->setCode(null);
+ }
+
+ public function resetCallStack()
+ {
+ $this->callStack = [];
+ }
+
+ public function resetIncludedFiles()
+ {
+ $this->arrayIncludes = [];
+ $this->arrayRequires = [];
+ }
+
+ public function resetDataflow()
+ {
+ $this->analyzedDataFiles = [];
+ $this->objects = new \progpilot\Dataflow\Objects;
+ $this->classes = new \progpilot\Dataflow\Classes;
+ $this->functions = new \progpilot\Dataflow\Functions;
+ }
+
+ public function setArrayIncludes($arrayIncludes)
+ {
+ $this->arrayIncludes = $arrayIncludes;
+ }
+
+ public function setArrayRequires($arrayRequires)
+ {
+ $this->arrayRequires = $arrayRequires;
+ }
+
+ public function &getArrayIncludes()
+ {
+ return $this->arrayIncludes;
+ }
+
+ public function &getArrayRequires()
+ {
+ return $this->arrayRequires;
+ }
+
+ public function getCurrentMycode()
+ {
+ return $this->currentMyCode;
+ }
+
+ public function getCurrentOp()
+ {
+ return $this->currentOp;
+ }
+
+ public function getCurrentBlock()
+ {
+ return $this->currentBlock;
+ }
+
+ public function getCurrentLine()
+ {
+ return $this->currentLine;
+ }
+
+ public function getCurrentColumn()
+ {
+ return $this->currentColumn;
+ }
+
+ public function getCurrentFunc()
+ {
+ return $this->currentFunc;
+ }
+
+ public function getObjects()
+ {
+ return $this->objects;
+ }
+
+ public function getClasses()
+ {
+ return $this->classes;
+ }
+
+ public function getFunctions()
+ {
+ return $this->functions;
+ }
+
+ public function getNbsOpInformationsAll()
+ {
+ $nb = 0;
+ foreach ($this->getFunctions()->getFunctions() as $functionclasses) {
+ foreach ($functionclasses as $functionnames) {
+ foreach ($functionnames as $function) {
+ foreach ($function->getOpInformations() as $opInformation) {
+ if (isset($opInformation["chained_results"])) {
+ $nb += count($opInformation["chained_results"]);
+ }
+ }
+ }
+ }
+ }
+
+ return $nb;
+ }
+
+ public function getInputs()
+ {
+ return $this->inputs;
+ }
+
+ public function getOutputs()
+ {
+ return $this->outputs;
+ }
+
+ public function getPath()
+ {
+ return $this->path;
+ }
+
+ public function getCurrentMyfile()
+ {
+ return $this->currentMyFile;
+ }
+
+ public function setCurrentMyfile($myFile)
+ {
+ $this->currentMyFile = $myFile;
+ }
+
+ public function setPath($path)
+ {
+ $this->path = $path;
+ }
+
+ public function setCurrentMycode($myCode)
+ {
+ $this->currentMyCode = $myCode;
+ }
+
+ public function setCurrentOp($currentOp)
+ {
+ $this->currentOp = $currentOp;
+ }
+
+ public function setCurrentBlock($currentBlock)
+ {
+ $this->currentBlock = $currentBlock;
+ }
+
+ public function setCurrentLine($currentLine)
+ {
+ $this->currentLine = $currentLine;
+ }
+
+ public function setCurrentColumn($currentColumn)
+ {
+ $this->currentColumn = $currentColumn;
+ }
+
+ public function setCurrentFunc($currentFunc)
+ {
+ $this->currentFunc = $currentFunc;
+ }
+
+ public function setObjects($objects)
+ {
+ $this->objects = $objects;
+ }
+
+ public function setClasses($classes)
+ {
+ $this->classes = $classes;
+ }
+
+ public function setFunctions($functions)
+ {
+ $this->functions = $functions;
+ }
+
+ public function setInputs($inputs)
+ {
+ $this->inputs = $inputs;
+ }
+
+ public function setOutputs($outputs)
+ {
+ $this->outputs = $outputs;
+ }
+
+ public function readConfiguration()
+ {
+ if (!is_null($this->configurationFile)) {
+ try {
+ if (file_exists($this->configurationFile)) {
+ $yaml = new Parser();
+ $value = $yaml->parse(file_get_contents($this->configurationFile));
+
+ if (is_array($value)) {
+ if (isset($value["inputs"])) {
+ if (isset($value["inputs"]["customrules"])) {
+ $keep_defaults = true;
+ if (isset($value["inputs"]["customrules"]["keep_defaults"])) {
+ $keep_defaults = $value["inputs"]["customrules"]["keep_defaults"];
+ }
+
+ if ($keep_defaults) {
+ $this->inputs->addCustomRules($value["inputs"]["customrules"]["config_files"]);
+ } else {
+ $this->inputs->setCustomRules($value["inputs"]["customrules"]["config_files"]);
+ }
+ }
+
+ if (isset($value["inputs"]["sources"])) {
+ $keep_defaults = true;
+ if (isset($value["inputs"]["sources"]["keep_defaults"])) {
+ $keep_defaults = $value["inputs"]["sources"]["keep_defaults"];
+ }
+
+ if ($keep_defaults) {
+ $this->inputs->addSources($value["inputs"]["sources"]["config_files"]);
+ } else {
+ $this->inputs->setSources($value["inputs"]["sources"]["config_files"]);
+ }
+ }
+
+ if (isset($value["inputs"]["sinks"])) {
+ $keep_defaults = true;
+ if (isset($value["inputs"]["sinks"]["keep_defaults"])) {
+ $keep_defaults = $value["inputs"]["sinks"]["keep_defaults"];
+ }
+
+ if ($keep_defaults) {
+ $this->inputs->addSinks($value["inputs"]["sinks"]["config_files"]);
+ } else {
+ $this->inputs->setSinks($value["inputs"]["sinks"]["config_files"]);
+ }
+ }
+
+ if (isset($value["inputs"]["validators"])) {
+ $keep_defaults = true;
+ if (isset($value["inputs"]["validators"]["keep_defaults"])) {
+ $keep_defaults = $value["inputs"]["validators"]["keep_defaults"];
+ }
+
+ if ($keep_defaults) {
+ $this->inputs->addValidators($value["inputs"]["validators"]["config_files"]);
+ } else {
+ $this->inputs->setValidators($value["inputs"]["validators"]["config_files"]);
+ }
+ }
+
+ if (isset($value["inputs"]["sanitizers"])) {
+ $keep_defaults = true;
+ if (isset($value["inputs"]["sanitizers"]["keep_defaults"])) {
+ $keep_defaults = $value["inputs"]["sanitizers"]["keep_defaults"];
+ }
+
+ if ($keep_defaults) {
+ $this->inputs->addSanitizers($value["inputs"]["sanitizers"]["config_files"]);
+ } else {
+ $this->inputs->setSanitizers($value["inputs"]["sanitizers"]["config_files"]);
+ }
+ }
+
+ if (isset($value["inputs"]["inclusions"])) {
+ $this->inputs->setInclusions($value["inputs"]["inclusions"]);
+ }
+
+ if (isset($value["inputs"]["exclusions"])) {
+ $this->inputs->setExclusions($value["inputs"]["exclusions"]);
+ }
+
+ if (isset($value["inputs"]["resolved_includes_file"])) {
+ $this->inputs->setResolvedIncludes($value["inputs"]["resolved_includes_file"]);
+ }
+
+ if (isset($value["inputs"]["false_positives"])) {
+ $this->inputs->setFalsePositives($value["inputs"]["false_positives"]);
+ }
+
+ if (isset($value["inputs"]["languages"])) {
+ $this->inputs->setLanguages($value["inputs"]["languages"]);
+ }
+
+ if (isset($value["inputs"]["dev_mode"])) {
+ $this->inputs->setDev($value["inputs"]["dev_mode"]);
+ }
+ }
+
+ if (isset($value["outputs"])) {
+ if (isset($value["outputs"]["tainted_flow"])) {
+ $this->outputs->taintedFlow($value["outputs"]["tainted_flow"]);
+ }
+
+ if (isset($value["outputs"]["include_failures_file"])) {
+ $this->outputs->setIncludeFailuresFile($value["outputs"]["include_failures_file"]);
+ }
+ }
+
+ if (isset($value["options"])) {
+ if (isset($value["options"]["analyze_includes"])) {
+ $this->setAnalyzeIncludes($value["options"]["analyze_includes"]);
+ }
+
+ if (isset($value["options"]["max_file_analysis_duration"])) {
+ $this->setMaxFileAnalysisDuration($value["options"]["max_file_analysis_duration"]);
+ }
+
+ if (isset($value["options"]["max_definitions"])) {
+ $this->setMaxDefinitions($value["options"]["max_definitions"]);
+ }
+
+ if (isset($value["options"]["max_file_size"])) {
+ $this->setMaxFileSize($value["options"]["max_file_size"]);
+ }
+
+ if (isset($value["options"]["max_memory"])) {
+ $this->setMaxFileSize($value["options"]["max_memory"]);
+ }
+
+ if (isset($value["options"]["debug_mode"])) {
+ $this->setDebugMode($value["options"]["debug_mode"]);
+ }
+
+ if (isset($value["options"]["pretty_print"])) {
+ $this->setPrettyPrint($value["options"]["pretty_print"]);
+ }
+ }
+ }
+ } else {
+ Utils::printError(
+ Lang::FILE_DOESNT_EXIST." (".Utils::encodeCharacters($this->configurationFile).")"
+ );
+ }
+ } catch (ParseException $e) {
+ Utils::printError(Lang::UNABLE_TO_PARSER_YAML);
+ }
+ }
+ }
+}
diff --git a/package/src/progpilot/Dataflow/Classes.php b/package/src/progpilot/Dataflow/Classes.php
index 671680d1..c6c1dee9 100644
--- a/package/src/progpilot/Dataflow/Classes.php
+++ b/package/src/progpilot/Dataflow/Classes.php
@@ -26,32 +26,17 @@ public function getListClasses()
public function addMyclass($newMyClass)
{
- /*
- if (!in_array($myClass, $this->listClasses, true))
- $this->listClasses[] = $myClass;
- */
-
- $continue = true;
- foreach ($this->listClasses as $myClass) {
- if ($myClass->getName() === $newMyClass->getName()) {
- $continue = false;
- break;
- }
- }
-
- if ($continue) {
- $this->listClasses[] = $newMyClass;
+ if (!isset($this->listClasses[$newMyClass->getName()])) {
+ $this->listClasses[$newMyClass->getName()] = $newMyClass;
}
}
public function getMyClass($name)
{
- foreach ($this->listClasses as $myClass) {
- if ($myClass->getName() === $name) {
- return $myClass;
- }
+ if (isset($this->listClasses[$name])) {
+ return $this->listClasses[$name];
}
-
+
return null;
}
}
diff --git a/package/src/progpilot/Dataflow/Definitions.php b/package/src/progpilot/Dataflow/Definitions.php
index 7156db3b..5e164836 100644
--- a/package/src/progpilot/Dataflow/Definitions.php
+++ b/package/src/progpilot/Dataflow/Definitions.php
@@ -34,6 +34,7 @@ public function __construct()
{
$this->currentFunc = null;
$this->nbDefs = 0;
+ $this->defs = [];
}
public function setNbDefs($nbDefs)
@@ -108,9 +109,19 @@ public function getDefs()
return $this->defs;
}
+ public function getOriginalDef($id)
+ {
+ if (isset($this->originalDefs[$id])) {
+ return $this->originalDefs[$id];
+ }
+
+ return null;
+ }
+
public function addDef($name, $def)
{
$continue = true;
+
if (isset($this->defs[$name])) {
$continue = false;
if (!in_array($def, $this->defs[$name], true)) {
@@ -121,9 +132,8 @@ public function addDef($name, $def)
if ($continue) {
$this->nbDefs ++;
$this->defs[$name][] = $def;
+ $this->originalDefs[$def->getId()] = clone $def;
}
-
- return $continue;
}
public function addIn($block, $def)
@@ -256,25 +266,9 @@ public function getDefRefByName($name)
}
// def1 = def, def2 = defsearch inside ResolveDefs function
- public static function defEquality($def1, $def2, $byPassArray = false)
+ public static function defEquality($def1, $def2)
{
if ($def1->getName() === $def2->getName()) {
- if (($def1->property->getProperties() !== $def2->property->getProperties())
- && !$def1->property->hasProperty("PROGPILOT_ALL_PROPERTIES_TAINTED")
- && !$def2->property->hasProperty("PROGPILOT_ALL_PROPERTIES_TAINTED")) {
- return false;
- }
-
- if (($def1->getArrayValue() !== $def2->getArrayValue()) && !$byPassArray) {
- if ($def1->isType(MyDefinition::TYPE_ARRAY) && $def2->isType(MyDefinition::TYPE_ARRAY)) {
- $extract = BuildArrays::extractArrayFromArr($def1->getArrayValue(), $def2->getArrayValue());
-
- if ($extract === false) {
- return false;
- }
- }
- }
-
return true;
}
@@ -282,7 +276,7 @@ public static function defEquality($def1, $def2, $byPassArray = false)
}
// $this->data["gen"][$blockId]
- public function computeKill($context, $blockId)
+ public function computeKill($blockId)
{
foreach ($this->gen[$blockId] as $gen) {
$tmpdefs = $this->getDefRefByName($gen->getName());
@@ -311,9 +305,9 @@ public function reachingDefs($myBlocks)
while ($change) {
$change = false;
- foreach ($myBlocks as $id => $block) {
+ foreach ($myBlocks as $block) {
+ $idcurrent = $block->getId();
foreach ($block->parents as $idparent => $parent) {
- $idcurrent = $block->getId();
$idparent = $parent->getId();
if ($idcurrent !== $idparent) {
diff --git a/package/src/progpilot/Dataflow/Functions.php b/package/src/progpilot/Dataflow/Functions.php
index c845da44..32d8860c 100644
--- a/package/src/progpilot/Dataflow/Functions.php
+++ b/package/src/progpilot/Dataflow/Functions.php
@@ -12,38 +12,49 @@
use progpilot\Objects\MyFunction;
use progpilot\Objects\MyOp;
+use progpilot\Utils;
class Functions
{
private $functions;
- public function getFunction($funcname, $className = null)
+ public function __construct()
{
- if (isset($this->functions[$funcname])) {
- $list_funcs = $this->functions[$funcname];
- foreach ($list_funcs as $myFunc) {
- if (!$myFunc->isType(MyFunction::TYPE_FUNC_METHOD) && is_null($className)) {
- return $myFunc;
- }
+ $this->functions = [];
+ }
- if ($myFunc->isType(MyFunction::TYPE_FUNC_METHOD)) {
- $myClass = $myFunc->getMyClass();
- if ($className === $myClass->getName()) {
- return $myFunc;
- }
- }
+ public function getAllFunctions($funcname, $className = "function")
+ {
+ $functionsTmp = [];
+
+ foreach ($this->functions as $id => $functionsFile) {
+ if (isset($functionsFile[$className][$funcname])) {
+ $functionsTmp[] = $functionsFile[$className][$funcname];
}
}
- return null;
+ return $functionsTmp;
}
- public function getFunctionsByName($name)
+
+ public function getFunction($funcname, $className = null, $specificFile = null)
{
- if (isset($this->functions[$name])) {
- return $this->functions[$name];
+ if (is_null($className)) {
+ $className = "function";
}
+ if (!is_null($specificFile)) {
+ if (isset($this->functions[$specificFile][$className][$funcname])) {
+ return $this->functions[$specificFile][$className][$funcname];
+ }
+ } else {
+ foreach ($this->functions as $id => $functionsFile) {
+ if (isset($functionsFile[$className][$funcname])) {
+ return $functionsFile[$className][$funcname];
+ }
+ }
+ }
+
return null;
}
@@ -52,27 +63,20 @@ public function getFunctions()
return $this->functions;
}
- public function addFunction($funcname, $func)
+ public function addFunction($filenamehash, $classname, $funcname, $myFunc)
{
- // we can have many functions/methods with the same name
- $continue = true;
- if (isset($this->functions[$funcname])) {
- $continue = false;
- if (!in_array($func, $this->functions[$funcname], true)) {
- $continue = true;
- }
- }
-
- if ($continue) {
- $this->functions[$funcname][] = $func;
- }
+ $this->functions[$filenamehash][$classname][$funcname] = $myFunc;
}
- public function delFunction($funcname)
+ public function delFunction($filenamehash, $classname, $funcname)
{
- $save = $this->functions[$funcname];
- $this->functions[$funcname] = [];
- //unset($this->functions[$funcname]);
+ $save = null;
+
+ if (isset($this->functions[$filenamehash][$classname][$funcname])) {
+ $save = $this->functions[$filenamehash][$classname][$funcname];
+ $this->functions[$filenamehash][$classname][$funcname] = null;
+ }
+
return $save;
}
}
diff --git a/package/src/progpilot/Dataflow/VisitorDataflow.php b/package/src/progpilot/Dataflow/VisitorDataflow.php
index cfbfcbc9..ffbe262b 100644
--- a/package/src/progpilot/Dataflow/VisitorDataflow.php
+++ b/package/src/progpilot/Dataflow/VisitorDataflow.php
@@ -24,31 +24,24 @@
use progpilot\Utils;
use progpilot\Lang;
+use progpilot\Helpers\Analysis as HelpersAnalysis;
+
class VisitorDataflow
{
- private $defs;
- private $blocks;
- private $currentBlockId;
- private $currentClass;
-
- public function __construct()
- {
- }
+ private $blocksArrays;
- protected function getBlockId($myBlock)
+ protected function isArrayAlreadyDefined($nameArray)
{
- if (isset($this->blocks[$myBlock])) {
- return $this->blocks[$myBlock];
+ if (isset($this->blocksArrays["".$nameArray.""])) {
+ return true;
}
- return -1;
+ return false;
}
- protected function setBlockId($myBlock)
+ protected function defineArray($nameArray)
{
- if (!isset($this->blocks[$myBlock])) {
- $this->blocks[$myBlock] = count($this->blocks);
- }
+ $this->blocksArrays["".$nameArray.""] = true;
}
public function analyze($context, $myFunc, $defsIncluded = null)
@@ -59,83 +52,36 @@ public function analyze($context, $myFunc, $defsIncluded = null)
$index = 0;
$myFunc->getMyCode()->setEnd(count($code));
- $blocksStackId = [];
- $lastBlockId = 0;
+ $blocks = null;
+ $blocksStack = null;
$firstBlock = true;
-
+ $alreadyWarned = false;
+ $defs = null;
+
do {
if (isset($code[$index])) {
$instruction = $code[$index];
switch ($instruction->getOpcode()) {
- case Opcodes::START_EXPRESSION:
- // representations start
- $idCfg = hash("sha256", $this->currentFunc->getName()."-".$this->currentBlockId);
- $context->outputs->cfg->addTextOfMyBlock($idCfg, Opcodes::START_EXPRESSION."\n");
- // representations end
- break;
-
- case Opcodes::END_EXPRESSION:
- // representations start
- $idCfg = hash("sha256", $this->currentFunc->getName()."-".$this->currentBlockId);
- $context->outputs->cfg->addTextOfMyBlock($idCfg, Opcodes::END_EXPRESSION."\n");
- // representations end
- break;
-
- case Opcodes::CLASSE:
- $myClass = $instruction->getProperty(MyInstruction::MYCLASS);
- foreach ($myClass->getProperties() as $property) {
- if (is_null($property->getSourceMyFile())) {
- $property->setSourceMyFile($context->getCurrentMyfile());
- }
- }
-
- $objectId = $context->getObjects()->addObject();
- $myClass->setObjectIdThis($objectId);
-
-
- $this->currentClass = $myClass;
-
- break;
-
case Opcodes::ENTER_FUNCTION:
- $blockIdZero = hash("sha256", "0-".$context->getCurrentMyfile()->getName());
+ $alreadyWarned = false;
$myFunc = $instruction->getProperty(MyInstruction::MYFUNC);
$myFunc->setSourceMyFile($context->getCurrentMyfile());
- $blocks = new \SplObjectStorage;
+ $blocks = [];
+ $blocksStack = [];
$defs = new Definitions();
- $defs->createBlock($blockIdZero);
+ //$defs->createBlock(0); // transform.php: properties have block id 0
$myFunc->setDefs($defs);
- $myFunc->setBlocks($blocks);
-
- $this->defs = $defs;
- $this->blocks = $blocks;
- $this->currentBlockId = $blockIdZero;
- $this->currentFunc = $myFunc;
-
- if ($myFunc->isType(MyFunction::TYPE_FUNC_METHOD)) {
- $thisdef = $myFunc->getThisDef();
- $thisdef->setSourceMyFile($context->getCurrentMyfile());
-
- $thisdef->setObjectId($this->currentClass->getObjectIdThis());
- $thisdef->setBlockId($blockIdZero);
-
- $this->defs->addDef($thisdef->getName(), $thisdef);
- $this->defs->addGen($thisdef->getBlockId(), $thisdef);
-
- $context->getObjects()->addMyclassToObject(
- $this->currentClass->getObjectIdThis(),
- $this->currentClass
- );
- }
+ $context->setCurrentFunc($myFunc);
// representations start
- $hashedValue = $this->currentFunc->getName()."-".$this->currentBlockId;
+ $hashedValue = $context->getCurrentFunc()->getName()."-".$context->getCurrentBlock()->getId();
$idCfg = hash("sha256", $hashedValue);
- $context->outputs->cfg->addTextOfMyBlock(
+ $context->outputs->cfgAddTextOfMyBlock(
+ $context->getCurrentFunc(),
$idCfg,
Opcodes::ENTER_FUNCTION." ".htmlentities($myFunc->getName(), ENT_QUOTES, 'UTF-8')."\n"
);
@@ -145,70 +91,84 @@ public function analyze($context, $myFunc, $defsIncluded = null)
case Opcodes::ENTER_BLOCK:
$myBlock = $instruction->getProperty(MyInstruction::MYBLOCK);
+ $myBlock->setSourceMyFile($context->getCurrentMyfile());
- $this->setBlockId($myBlock);
- $blockIdTmp = $this->getBlockId($myBlock);
-
- $blockId = hash("sha256", "$blockIdTmp-".$context->getCurrentMyfile()->getName());
- $myBlock->setId($blockId);
+ $context->setCurrentBlock($myBlock);
+ array_push($blocksStack, $myBlock);
+ array_push($blocks, $myBlock);
- array_push($blocksStackId, $blockId);
- $this->currentBlockId = $blockId;
-
- if ($blockId !== hash("sha256", "0-".$context->getCurrentMyfile()->getName())) {
- $this->defs->createBlock($blockId);
- }
+ $context->getCurrentFunc()->getDefs()->createBlock($myBlock->getId());
$assertions = $myBlock->getAssertions();
foreach ($assertions as $assertion) {
$myDef = $assertion->getDef();
- $myDef->setBlockId($blockId);
+ $myDef->setBlockId($myBlock->getId());
}
// representations start
- $idCfg = hash("sha256", $this->currentFunc->getName()."-".$this->currentBlockId);
- $context->outputs->cfg->addTextOfMyBlock($idCfg, Opcodes::ENTER_BLOCK."\n");
- $context->outputs->cfg->addNode($idCfg, $myBlock);
+ $idCfg = hash("sha256", $context->getCurrentFunc()->getName()."-".$myBlock->getId());
+ $context->outputs->cfgAddTextOfMyBlock(
+ $context->getCurrentFunc(),
+ $idCfg,
+ Opcodes::ENTER_BLOCK."\n"
+ );
+ $context->outputs->cfgAddNode($context->getCurrentFunc(), $idCfg, $myBlock);
foreach ($myBlock->parents as $parent) {
- $context->outputs->cfg->addEdge($parent, $myBlock);
+ $context->outputs->cfgAddEdge($context->getCurrentFunc(), $parent, $myBlock);
}
// representations end
- if ($firstBlock && !is_null($defsIncluded) && $this->currentFunc->getName() === "{main}") {
- foreach ($defsIncluded as $def_included) {
- $this->defs->addDef($def_included->getName(), $def_included);
- $this->defs->addGen($blockId, $def_included);
- }
-
+ if ($firstBlock) {
+ $context->getCurrentFunc()->setFirstBlockId($myBlock->getId());
$firstBlock = false;
- }
- break;
+ // param are part of the first block of the function
+ foreach ($context->getCurrentFunc()->getParams() as $param) {
+ $param->setBlockId($myBlock->getId());
+ $param->unsetState(0);
+ $state = $param->createState();
+ $param->assignStateToBlockId($state->getId(), $myBlock->getId());
+ }
+ // end
- case Opcodes::LEAVE_BLOCK:
- $myBlock = $instruction->getProperty(MyInstruction::MYBLOCK);
- $blockId = $myBlock->getId();
+ if ($context->getCurrentFunc()->isType(MyFunction::TYPE_FUNC_METHOD)) {
+ $thisdef = $context->getCurrentFunc()->getThisDef();
- $pop = array_pop($blocksStackId);
+ $thisdef->setBlockId($myBlock->getId());
+ $thisdef->unsetState(0);
+ $state = $thisdef->createState();
+ $thisdef->assignStateToBlockId($state->getId(), $myBlock->getId());
- if (count($blocksStackId) > 0) {
- $this->currentBlockId = $blocksStackId[count($blocksStackId) - 1];
+ $thisdef->getCurrentState()->addType(MyDefinition::TYPE_INSTANCE);
+
+ $context->getCurrentFunc()->getDefs()->addDef($thisdef->getName(), $thisdef);
+ $context->getCurrentFunc()->getDefs()->addGen($thisdef->getBlockId(), $thisdef);
+ }
}
- if (($this->currentFunc->getDefs()->getNbDefs() > $context->getLimitDefs()) ||
- ($context->getCurrentNbDefs() > $context->getLimitDefs())) {
- Utils::printWarning($context, Lang::MAX_DEFS_EXCEEDED);
- return;
+ // just to keep array def uptodate
+ $blocksArrays["".$myBlock->getId().""] = [];
+
+ break;
+
+ case Opcodes::LEAVE_BLOCK:
+ $myBlock = $instruction->getProperty(MyInstruction::MYBLOCK);
+ array_pop($blocksStack);
+ if (!empty($blocksStack)) {
+ $context->setCurrentBlock($blocksStack[count($blocksStack) - 1]);
}
- $this->defs->computeKill($context, $blockId);
- $lastBlockId = $blockId;
+ $context->getCurrentFunc()->getDefs()->computeKill($myBlock->getId());
// representations start
- $idCfg = hash("sha256", $this->currentFunc->getName()."-".$this->currentBlockId);
- $context->outputs->cfg->addTextOfMyBlock($idCfg, Opcodes::LEAVE_BLOCK."\n");
+ $idCfg = hash("sha256", $context->getCurrentFunc()->getName()."-".$myBlock->getId());
+ $context->outputs->cfgAddTextOfMyBlock(
+ $context->getCurrentFunc(),
+ $idCfg,
+ Opcodes::LEAVE_BLOCK."\n"
+ );
// representations end
break;
@@ -217,61 +177,47 @@ public function analyze($context, $myFunc, $defsIncluded = null)
case Opcodes::LEAVE_FUNCTION:
$myFunc = $instruction->getProperty(MyInstruction::MYFUNC);
- $context->setCurrentNbDefs($context->getCurrentNbDefs() + $myFunc->getDefs()->getNbDefs());
-
- if ($context->getCurrentNbDefs() > $context->getLimitDefs()) {
- Utils::printWarning($context, Lang::MAX_DEFS_EXCEEDED);
- return;
- }
+ $context->getCurrentFunc()->getDefs()->reachingDefs($blocks);
- $this->defs->reachingDefs($this->blocks);
+ $myFunc->setBlocks($blocks);
- $myFunc->setLastBlockId($lastBlockId);
+ $lastBlockIds = $myFunc->getLastBlockIds();
+
+ // functions are generally parsed before the main and so declarations of instances
+ if ($myFunc->isType(MyFunction::TYPE_FUNC_METHOD)) {
+ foreach ($context->getObjects()->getObjects() as $idobject => $myClass) {
+ if (!is_null($myClass)) {
+ foreach ($myClass->getMethods() as $myMethod) {
+ if ($myMethod->getName() === $myFunc->getName()) {
+ $myMethod->setLastBlockIds($lastBlockIds);
+ }
+ }
+ }
+ }
+ }
// representations start
- $idCfg = hash("sha256", $this->currentFunc->getName()."-".$this->currentBlockId);
- $context->outputs->cfg->addTextOfMyBlock($idCfg, Opcodes::LEAVE_FUNCTION."\n");
+ if (isset($lastBlockIds[0])) {
+ $idCfg = hash("sha256", $context->getCurrentFunc()->getName()."-".$lastBlockIds[0]);
+ $context->outputs->cfgAddTextOfMyBlock(
+ $context->getCurrentFunc(),
+ $idCfg,
+ Opcodes::LEAVE_FUNCTION."\n"
+ );
+ }
// representations end
break;
case Opcodes::FUNC_CALL:
$myFuncCall = $instruction->getProperty(MyInstruction::MYFUNC_CALL);
- $myFuncCall->setBlockId($this->currentBlockId);
+ $myFuncCall->setBlockId($context->getCurrentBlock()->getId());
if (is_null($myFuncCall->getSourceMyFile())) {
$myFuncCall->setSourceMyFile($context->getCurrentMyfile());
}
- if ($myFuncCall->isType(MyFunction::TYPE_FUNC_METHOD)) {
- $mybackdef = $myFuncCall->getBackDef();
- $mybackdef->setBlockId($this->currentBlockId);
- $mybackdef->addType(MyDefinition::TYPE_INSTANCE);
- $mybackdef->setSourceMyFile($context->getCurrentMyfile());
-
- $idObject = $context->getObjects()->addObject();
- $mybackdef->setObjectId($idObject);
-
- if (!empty($mybackdef->getClassName())) {
- $className = $mybackdef->getClassName();
- $myClass = $context->getClasses()->getMyClass($className);
-
- if (is_null($myClass)) {
- $myClass = new MyClass(
- $mybackdef->getLine(),
- $mybackdef->getColumn(),
- $className
- );
- }
-
- $context->getObjects()->addMyclassToObject($idObject, $myClass);
- }
-
- $this->defs->addDef($mybackdef->getName(), $mybackdef);
- $this->defs->addGen($mybackdef->getBlockId(), $mybackdef);
- }
-
- $mySource = $context->inputs->getSourceByName(null, $myFuncCall, true, false, false);
+ $mySource = $context->inputs->getSourceByName($myFuncCall, null);
if (!is_null($mySource)) {
if ($mySource->hasParameters()) {
$nbparams = 0;
@@ -283,10 +229,16 @@ public function analyze($context, $myFunc, $defsIncluded = null)
$defarg = $instruction->getProperty("argdef$nbparams");
if ($mySource->isParameter($nbparams + 1)) {
- $deffrom = $defarg->getValueFromDef();
+ $deffrom = $instruction->getProperty("argoriginaldef$nbparams");
if (!is_null($deffrom)) {
- $this->defs->addDef($deffrom->getName(), $deffrom);
- $this->defs->addGen($deffrom->getBlockId(), $deffrom);
+ $context->getCurrentFunc()->getDefs()->addDef(
+ $deffrom->getName(),
+ $deffrom
+ );
+ $context->getCurrentFunc()->getDefs()->addGen(
+ $deffrom->getBlockId(),
+ $deffrom
+ );
}
}
@@ -296,8 +248,12 @@ public function analyze($context, $myFunc, $defsIncluded = null)
}
// representations start
- $idCfg = hash("sha256", $this->currentFunc->getName()."-".$this->currentBlockId);
- $context->outputs->cfg->addTextOfMyBlock(
+ $idCfg = hash(
+ "sha256",
+ $context->getCurrentFunc()->getName()."-".$context->getCurrentBlock()->getId()
+ );
+ $context->outputs->cfgAddTextOfMyBlock(
+ $context->getCurrentFunc(),
$idCfg,
Opcodes::FUNC_CALL." ".htmlentities($myFuncCall->getName(), ENT_QUOTES, 'UTF-8')."\n"
);
@@ -305,45 +261,39 @@ public function analyze($context, $myFunc, $defsIncluded = null)
break;
- case Opcodes::TEMPORARY:
- $listOfMyTemp = [];
- if ($instruction->isPropertyExist(MyInstruction::PHI)) {
- for ($i = 0; $i < $instruction->getProperty(MyInstruction::PHI); $i++) {
- $listOfMyTemp[] = $instruction->getProperty("temp_".$i);
- }
- } else {
- $listOfMyTemp[] = $instruction->getProperty(MyInstruction::TEMPORARY);
- }
-
- foreach ($listOfMyTemp as $myDef) {
- $myDef->setBlockId($this->currentBlockId);
-
- if (is_null($myDef->getSourceMyFile())) {
- $myDef->setSourceMyFile($context->getCurrentMyfile());
- }
-
- // representations start
- $idCfg = hash("sha256", $this->currentFunc->getName()."-".$this->currentBlockId);
- $context->outputs->cfg->addTextOfMyBlock($idCfg, Opcodes::TEMPORARY."\n");
- // representations end
- }
-
- break;
-
case Opcodes::DEFINITION:
$myDef = $instruction->getProperty(MyInstruction::DEF);
- $myDef->setBlockId($this->currentBlockId);
- if (is_null($myDef->getSourceMyFile())) {
- $myDef->setSourceMyFile($context->getCurrentMyfile());
+ if ($context->getCurrentFunc()->getDefs()->getNbDefs() < $context->getMaxDefinitions()) {
+ if ($myDef->isType(MyDefinition::TYPE_ARRAY)) {
+ // only one array by name is defined in a function (or blocks see arrays12.php)
+ if (!$this->isArrayAlreadyDefined($myDef->getName())) {
+ $context->getCurrentFunc()->getDefs()->addDef($myDef->getName(), $myDef);
+ $context->getCurrentFunc()->getDefs()->addGen($myDef->getBlockId(), $myDef);
+ $this->defineArray($myDef->getName());
+ }
+ } elseif (!$myDef->isType(MyDefinition::TYPE_PROPERTY)
+ && !$myDef->isType(MyDefinition::TYPE_STATIC_PROPERTY)) {
+ $context->getCurrentFunc()->getDefs()->addDef($myDef->getName(), $myDef);
+ $context->getCurrentFunc()->getDefs()->addGen($myDef->getBlockId(), $myDef);
+ }
+ } else {
+ if (!$alreadyWarned) {
+ Utils::printWarning($context, Lang::MAX_DEFS_EXCEEDED);
+ $alreadyWarned = true;
+ }
}
-
- $this->defs->addDef($myDef->getName(), $myDef);
- $this->defs->addGen($myDef->getBlockId(), $myDef);
// representations start
- $idCfg = hash("sha256", $this->currentFunc->getName()."-".$this->currentBlockId);
- $context->outputs->cfg->addTextOfMyBlock($idCfg, Opcodes::DEFINITION."\n");
+ $idCfg = hash(
+ "sha256",
+ $context->getCurrentFunc()->getName()."-".$context->getCurrentBlock()->getId()
+ );
+ $context->outputs->cfgAddTextOfMyBlock(
+ $context->getCurrentFunc(),
+ $idCfg,
+ Opcodes::DEFINITION."\n"
+ );
// representations end
break;
diff --git a/package/src/progpilot/Helpers/Analysis.php b/package/src/progpilot/Helpers/Analysis.php
new file mode 100644
index 00000000..f014a47a
--- /dev/null
+++ b/package/src/progpilot/Helpers/Analysis.php
@@ -0,0 +1,354 @@
+getObjects()->getObjects() as $id => $objectClass) {
+ $params = array($context, $id, $objectClass, $myClass);
+ call_user_func_array(__NAMESPACE__ ."\\$func", $params);
+ }
+ }
+
+ public static function forDefsInFunctions($context, $func, $myClass)
+ {
+ foreach ($context->getFunctions()->getFunctions() as $functionsBlocks) {
+ foreach ($functionsBlocks as $functionBlock) {
+ foreach ($functionBlock->getDefs()->getDefs() as $defsBlocks) {
+ foreach ($defsBlocks as $defBlock) {
+ $params = array($context, $defBlock, $myClass);
+ call_user_func_array(__NAMESPACE__ ."\\$func", $params);
+ }
+ }
+ }
+ }
+ }
+
+ public static function forAllDefsOfFunctionExceptReturnDefs($func, $myFunc)
+ {
+ $returnDefs = $myFunc->getReturnDefs();
+ foreach ($myFunc->getDefs()->getDefs() as $defnames) {
+ if (is_array($defnames)) {
+ foreach ($defnames as $def) {
+ if (!in_array($def, $returnDefs, true)) {
+ $params = array($def, $myFunc->getDefs());
+ call_user_func_array(__NAMESPACE__ ."\\$func", $params);
+ }
+ }
+ }
+ }
+ }
+
+ public static function forAllReturnDefsOfFunction($func, $myFunc)
+ {
+ $initialReturnDefs = $myFunc->getInitialReturnDefs();
+ $returnDefs = $myFunc->getReturnDefs();
+ $i = 0;
+ foreach ($returnDefs as $returnDef) {
+ if (isset($initialReturnDefs[$i])) {
+ $params = array($returnDef, $initialReturnDefs[$i]);
+ call_user_func_array(__NAMESPACE__ ."\\$func", $params);
+ }
+
+ $i ++;
+ }
+ }
+
+ public static function forAllDefsOfFunction($func, $myFunc)
+ {
+ foreach ($myFunc->getDefs()->getDefs() as $defnames) {
+ if (is_array($defnames)) {
+ foreach ($defnames as $def) {
+ $params = array($def, $myFunc->getDefs());
+ call_user_func_array(__NAMESPACE__ ."\\$func", $params);
+ }
+ }
+ }
+ }
+
+ public static function forAllArgumentsOfFunction($func, $myfunc, $instruction)
+ {
+ $params = $myfunc->getParams();
+
+ for ($i = 0; $i < count($params); $i++) {
+ if ($instruction->isPropertyExist("argdef$i")) { // myfunccall
+ $defArg = $instruction->getProperty("argdef$i");
+ $params = array($myfunc, $i, $defArg);
+ call_user_func_array(__NAMESPACE__ ."\\$func", $params);
+ }
+ }
+ }
+
+ public static function checkIfTimeExecutionIsAcceptable($context, $myFunc)
+ {
+ $threshold1 = $context->getMaxFileAnalysisDuration() / 4; // 7.5 seconds by default
+ $threshold2 = $context->getMaxFileAnalysisDuration() / 15; // 2 seconds by defaults
+ $lastExecutionTime = $myFunc->getLastExecutionTime();
+ $nbExecutions = $myFunc->getNbExecutions();
+
+ if (($nbExecutions >= 1 && $nbExecutions < 5 && $lastExecutionTime >= $threshold1)
+ || ($nbExecutions >= 4 && $nbExecutions < 10 && $lastExecutionTime >= $threshold2)
+ || $nbExecutions >= 10) {
+ return false;
+ }
+
+ return true;
+ }
+
+ public static function getBytes($val)
+ {
+ $val = trim($val);
+ $last = strtolower($val[strlen($val)-1]);
+ if (!is_numeric($last)) {
+ $val = (int) substr($val, 0, -1);
+ switch ($last) {
+ // The 'G' modifier is available since PHP 5.1.0
+ case 'g':
+ $val *= 1024;
+ // no break
+ case 'm':
+ $val *= 1024;
+ // no break
+ case 'k':
+ $val *= 1024;
+ }
+ }
+
+ return $val;
+ }
+
+ public static function isASource($context, $def, $myClass, $arrayDim)
+ {
+ $source = $context->inputs->getSourceByName($def, $myClass, $arrayDim);
+
+ if (!is_null($source)) {
+ return true;
+ }
+
+ return false;
+ }
+
+ public static function forEachTaintedByDefs($def, $block, $callback)
+ {
+ foreach ($def->getStates() as $state) {
+ $taintedDefs = $state->getTaintedByDefs();
+ foreach ($taintedDefs as $taintedByDef) {
+ $taintedDef = $taintedByDef[0];
+ $taintedState = $taintedByDef[1];
+
+ $params = array($taintedDef, $block);
+ call_user_func_array(__NAMESPACE__ ."\\$callback", $params);
+ }
+ }
+ }
+
+ public static function updateNbChars(&$nbChars, $string, $arrayChars)
+ {
+ if (is_string($string)) {
+ foreach ($arrayChars as $char) {
+ if (!isset($nbChars[$char])) {
+ $nbChars[$char] = 0;
+ }
+ }
+
+ for ($i = 0; $i < strlen($string); $i++) {
+ foreach ($arrayChars as $char) {
+ if ($string[$i] === $char) {
+ $nbChars[$char] ++;
+ }
+ }
+ }
+ }
+ }
+
+ public static function getNbChars($string, $arrayChars)
+ {
+ $nbChars = [];
+
+ if (is_string($string)) {
+ foreach ($arrayChars as $char) {
+ $nbChars[$char] = 0;
+ }
+
+ for ($i = 0; $i < strlen($string); $i++) {
+ foreach ($arrayChars as $char) {
+ if ($string[$i] === $char) {
+ $nbChars[$char] ++;
+ }
+ }
+ }
+ }
+
+ return $nbChars;
+ }
+
+ public static function checkCallStackReachMaxTime($context)
+ {
+ $callStack = $context->getCallStack();
+ $endTime = microtime(true);
+
+ if (is_array($callStack)) {
+ foreach ($callStack as $call) {
+ $myFunc = $call[0];
+ $startTime = $myFunc->getStartExecutionTime();
+ $diff = $endTime - $startTime;
+
+ if ($diff > $context->getMaxFileAnalysisDuration()) {
+ return true;
+ }
+ }
+ }
+
+ return false;
+ }
+
+ public static function checkDeeplyIfDefIsTainted($def)
+ {
+ $arrayTotal[] = $def;
+ $defsToAnalyze[] = $def;
+ while (!empty($defsToAnalyze)) {
+ $def = array_pop($defsToAnalyze);
+ foreach ($def->getStates() as $state) {
+ if ($state->isTainted()) {
+ return true;
+ }
+
+ foreach ($state->getArrayIndexes() as $arrayElement) {
+ if ($arrayElement->def !== $def
+ && !in_array($arrayElement->def, $defsToAnalyze, true)
+ && !in_array($arrayElement->def, $arrayTotal, true)
+ && count($arrayTotal) < 50) {
+ $defsToAnalyze[] = $arrayElement->def;
+ $arrayTotal[] = $arrayElement->def;
+ }
+ }
+ }
+ }
+
+ return false;
+ }
+
+ public static function checkIfOneFunctionArgumentIsNew($myFunc, $instruction)
+ {
+ if (!is_null($myFunc)) {
+ $params = $myFunc->getParams();
+
+ if (empty($params)) {
+ // if it's not a method and empty params,
+ // then we can't have additional tainted return
+ return false;
+ }
+
+ $statesPastArgs = $myFunc->getStatePastArguments();
+ for ($i = 0; $i < count($params); $i++) {
+ if ($instruction->isPropertyExist("argdef$i")) {
+ $defArg = $instruction->getProperty("argdef$i");
+
+ if (Analysis::checkDeeplyIfDefIsTainted($defArg)) {
+ return true;
+ }
+
+ if (empty($defArg->getCurrentState()->getLastKnownValues())) {
+ return false;
+ }
+
+ if (isset($statesPastArgs[$i]) && is_array($statesPastArgs[$i])) {
+ foreach ($statesPastArgs[$i] as $statePastArg) {
+ if ($defArg->getCurrentState()->getLastKnownValues()
+ === $statePastArg->getLastKnownValues()) {
+ return false;
+ }
+ }
+ } else {
+ return true;
+ }
+ }
+ }
+ }
+
+ return false;
+ }
+
+ public static function checkIfFuncEqualMySpecify($context, $mySpecify, $myFunc, $myClass = null)
+ {
+ if (!$mySpecify->isInstance()
+ && $mySpecify->getName() === $myFunc->getName()) {
+ return true;
+ }
+
+ if ($mySpecify->isInstance() && !is_null($myClass) &&
+ ($myClass->getName() === $mySpecify->getInstanceOfName()
+ || $myClass->getExtendsOf() === $mySpecify->getInstanceOfName())) {
+ return true;
+ }
+
+ return false;
+ }
+
+ public static function checkIfDefEqualDefRule($context, $defs, $rule, $def, $myClass = null)
+ {
+ $definition = $rule->getDefinition();
+
+ if (!$definition->isInstance()
+ && $def->getName() === $definition->getName()) {
+ return true;
+ }
+
+ if ($definition->isInstance() && !is_null($myClass) && $def->getName() === $definition->getName() &&
+ ($myClass->getName() === $definition->getInstanceOfName()
+ || $myClass->getExtendsOf() === $definition->getInstanceOfName())) {
+ return true;
+ }
+
+ return false;
+ }
+
+ public static function createObject($context, $myDef)
+ {
+ if ($myDef->isType(MyDefinition::TYPE_INSTANCE)
+ || $myDef->getCurrentState()->isType(MyDefinition::TYPE_INSTANCE)) {
+ $idObject = $context->getObjects()->addObject();
+
+ if ($myDef->getCurrentState()->getObjectId() === -1) {
+ $myDef->getCurrentState()->setObjectId($idObject);
+ $myDef->getCurrentState()->addType(MyDefinition::TYPE_INSTANCE);
+
+ if (!empty($myDef->getClassName())) {
+ $myClass = $context->getClasses()->getMyClass($myDef->getClassName());
+ if (is_null($myClass)) {
+ $myClass = new MyClass(
+ $myDef->getLine(),
+ $myDef->getColumn(),
+ $myDef->getClassName()
+ );
+ } else {
+ $myClass = clone $myClass;
+ }
+
+ $context->getObjects()->addMyclassToObject($idObject, $myClass);
+ }
+ }
+ }
+ }
+}
diff --git a/package/src/progpilot/Helpers/Callbacks.php b/package/src/progpilot/Helpers/Callbacks.php
new file mode 100644
index 00000000..7d36dfd5
--- /dev/null
+++ b/package/src/progpilot/Helpers/Callbacks.php
@@ -0,0 +1,73 @@
+getName() === $newMyclass->getName()) {
+ $context->getObjects()->addMyclassToObject($idObject, $newMyclass);
+ }
+ }
+
+ public static function addStateDefAsAPastArgument($myfunc, $nbparam, $arg)
+ {
+ $myfunc->addStatePastArgument($nbparam, $arg->getCurrentState());
+ }
+
+ public static function addAttributesOfInitialReturnDefs($returnDef, $initialReturnDef)
+ {
+ $returnDef->setStates($initialReturnDef->getStates());
+ $returnDef->setStatesToBlocksIds($initialReturnDef->getStatesToBlocksIds());
+ }
+
+ public static function addSanitizedTypes($defValid, $sanitizedTypes)
+ {
+ $defValid->getCurrentState()->setSanitized(true);
+ if (is_array($sanitizedTypes)) {
+ foreach ($sanitizedTypes as $sanitizedType) {
+ $defValid->getCurrentState()->addTypeSanitized($sanitizedType);
+ }
+ }
+ }
+
+ public static function addValidAssertion($defValid, $block)
+ {
+ $myAssertion = new MyAssertion($defValid, "valid");
+ $block->addAssertion($myAssertion);
+ }
+
+ public static function cleanTaintedDef($def, $funcDefs)
+ {
+ $originalDef = $funcDefs->getOriginalDef($def->getId());
+
+ if (!is_null($originalDef)) {
+ $originalDefCopy = clone $originalDef;
+ $def->setType($originalDefCopy->getType());
+ $def->setSourceMyFile($originalDefCopy->getSourceMyFile());
+ $def->setName($originalDefCopy->getName());
+ $def->setValidWhenReturning($originalDefCopy->getValidWhenReturning());
+ $def->setValidNotBoolean($originalDefCopy->getValidNotBoolean());
+ $def->setReturnedFromValidator($originalDefCopy->getReturnedFromValidator());
+ $def->setClassName($originalDefCopy->getClassName());
+ $def->setRefs($originalDefCopy->getRefs());
+ $def->setStates($originalDefCopy->getStates());
+ $def->setStatesToBlocksIds($originalDefCopy->getStatesToBlocksIds());
+ }
+ }
+}
diff --git a/package/src/progpilot/Helpers/State.php b/package/src/progpilot/Helpers/State.php
new file mode 100644
index 00000000..72f53738
--- /dev/null
+++ b/package/src/progpilot/Helpers/State.php
@@ -0,0 +1,306 @@
+getParamToArg())) {
+ $def = $def->getParamToArg();
+ }
+
+ foreach ($def->getStates() as $state) {
+ if (!in_array($state->getId(), $defStack, true)) {
+ $defStack[] = $state->getId();
+ if ($state->isType(MyDefinition::TYPE_ARRAY)) {
+ State::updateBlocksOfArrayElements($context, $state, $defStack);
+ }
+
+ if ($state->isType(MyDefinition::TYPE_INSTANCE)) {
+ State::updateBlocksOfProperties($context, $state, $defStack);
+ }
+ }
+ }
+ }
+
+ public static function blockSwitching($context, $myFunc)
+ {
+ $defStack = [];
+ $tmpDefs = $myFunc->getDefs();
+ foreach ($tmpDefs->getDefs() as $defs) {
+ foreach ($defs as $def) {
+ State::updateBlocksOfDef($context, $def, $defStack);
+ }
+ }
+
+ foreach ($context->getCurrentFunc()->getBlocks() as $myBlock) {
+ $myBlock->setNeedUpdateOfState(false);
+ }
+ }
+
+ public static function updateBlocksOfArrayElement($context, $arrayElement, &$defStack)
+ {
+ $myBlock = $context->getCurrentBlock();
+ $states = [];
+ $blockParents = array_merge($myBlock->getParents(), $myBlock->getVirtualParents());
+
+ foreach ($blockParents as $parentMyBlock) {
+ if ($parentMyBlock->getId() !== $myBlock->getId()) {
+ $state = $arrayElement->getState($parentMyBlock->getId());
+ if (!is_null($state) && !in_array($state, $states, true)) {
+ $states[] = $state;
+ }
+ }
+ }
+
+ if (count($states) === 1) {
+ $newstate = $states[0];
+ $arrayElement->assignStateToBlockId($newstate->getId(), $myBlock->getId());
+ } elseif (count($states) > 1) {
+ if ($arrayElement->getNbStates() < 20) {
+ $newstate = State::mergeDefStates($states);
+ $arrayElement->addState($newstate);
+ $arrayElement->assignStateToBlockId($newstate->getId(), $myBlock->getId());
+ $defStack[] = $newstate->getId();
+ }
+ }
+ }
+
+ public static function updateBlocksOfArrayElements($context, $state, &$defStack)
+ {
+ $arrayIndexes = $state->getArrayIndexes();
+ foreach ($arrayIndexes as $arrayIndexArr) {
+ $arrayDef = $arrayIndexArr->def;
+ State::updateBlocksOfArrayElement($context, $arrayDef, $defStack);
+ State::updateBlocksOfDef($context, $arrayDef, $defStack);
+ }
+ }
+
+ public static function updateBlocksOfProperty($context, $property, &$defStack)
+ {
+ $myBlock = $context->getCurrentBlock();
+ $states = [];
+
+
+ $blockParents = $myBlock->getVirtualParents();
+ $existingState = $property->getState($myBlock->getId());
+
+ // the state has been already computer, we don't need to update that
+ // unless there is a new parent that have been added
+ if (is_null($existingState) || $myBlock->doNeedUpdateOfState()) {
+ $states = [];
+ foreach ($blockParents as $parentMyBlock) {
+ if ($parentMyBlock->getId() !== $myBlock->getId()) {
+ $state = $property->getState($parentMyBlock->getId());
+ if (!is_null($state) && !in_array($state, $states, true)) {
+ $states[] = $state;
+ }
+ }
+ }
+
+ if (count($states) === 1) {
+ $newstate = $states[0];
+ $property->assignStateToBlockId($newstate->getId(), $myBlock->getId());
+ } elseif (count($states) > 1) {
+ if ($property->getNbStates() < 20) {
+ $newstate = State::mergeDefStates($states);
+ $property->addState($newstate);
+ $property->assignStateToBlockId($newstate->getId(), $myBlock->getId());
+ $defStack[] = $newstate->getId();
+ }
+ }
+ }
+ }
+
+ public static function updateBlocksOfProperties($context, $state, &$defStack)
+ {
+ $idObject = $state->getObjectId();
+ $tmpMyClass = $context->getObjects()->getMyClassFromObject($idObject);
+
+ if (!is_null($tmpMyClass)) {
+ foreach ($tmpMyClass->getProperties() as $property) {
+ State::updateBlocksOfProperty($context, $property, $defStack);
+ State::updateBlocksOfDef($context, $property, $defStack);
+ }
+ }
+ }
+
+ public static function mergeDefsBlockIdStates($defs, $concatValues, $block)
+ {
+ $blockId = $block->getId();
+
+ $myState = new MyDefState;
+
+ $oneStateNotSanitizer = false;
+
+ foreach ($defs as $def) {
+ if ($def->isType(MyDefinition::TYPE_ARRAY_ELEMENT)
+ || $def->isType(MyDefinition::TYPE_PROPERTY)) {
+ $state = $def->getState($blockId);
+ } else {
+ $state = $def->getCurrentState();
+ }
+
+ if (!is_null($state)) {
+ if ($state->isTainted() && !AssertionAnalysis::checkDefIsAssert($block, $def)) {
+ $myState->setTainted(true);
+
+ // for the flow we don't want built-in variables
+ if ($def->getName() === "built-in-concatenation") {
+ $myState->setTaintedByDefs($state->getTaintedByDefs());
+ } else {
+ $myState->addTaintedByDef([$def, $state]);
+ }
+
+ if ($state->isSanitized() && !$oneStateNotSanitizer) {
+ $myState->setSanitized(true);
+ foreach ($state->getTypeSanitized() as $typeSanitized) {
+ $myState->addTypeSanitized($typeSanitized);
+ }
+ } else {
+ // if one value is not sanitized it's enough to not sanitize
+ // see custom/sanitizer4.php
+ $myState->setSanitized(false);
+ $myState->setTypeSanitized([]);
+ $oneStateNotSanitizer = true;
+ }
+ }
+
+ if ($state->getObjectId() !== -1) {
+ $myState->setObjectId($state->getObjectId());
+ }
+
+ if ($state->isType(MyDefinition::TYPE_INSTANCE)) {
+ $myState->addType(MyDefinition::TYPE_INSTANCE);
+ }
+
+ if ($state->isType(MyDefinition::ALL_PROPERTIES_TAINTED)) {
+ $myState->addType(MyDefinition::ALL_PROPERTIES_TAINTED);
+ $myState->addTaintedByDef([$def, $state]);
+ }
+
+ if ($state->isType(MyDefinition::ALL_ARRAY_ELEMENTS_TAINTED)) {
+ $myState->addType(MyDefinition::ALL_ARRAY_ELEMENTS_TAINTED);
+ $myState->addTaintedByDef([$def, $state]);
+ }
+
+ if ($state->isType(MyDefinition::TYPE_ARRAY)) {
+ foreach ($state->getArrayIndexes() as $oriArrayIndex) {
+ $retadd = $myState->addArrayIndex($oriArrayIndex->index, $oriArrayIndex->def);
+ // if tainted we force the potential existing array (could not be added before)
+ if (!$retadd && $oriArrayIndex->def->getCurrentState()->isTainted()) {
+ $myState->overwriteArrayIndex($oriArrayIndex->index, $oriArrayIndex->def);
+ }
+ }
+ $myState->addType(MyDefinition::TYPE_ARRAY);
+ }
+
+ if ($state->isType(MyDefinition::TYPE_ARRAY_ARRAY)) {
+ $myState->addType(MyDefinition::TYPE_ARRAY_ARRAY);
+ }
+
+ $myState->setIsEmbeddedByChars($state->getIsEmbeddedByChars(), true);
+ $myState->setCast($state->getCast());
+ $myState->setLabel($state->getLabel());
+
+ $values = count($concatValues) ? $concatValues : $state->getLastKnownValues();
+ foreach ($values as $value) {
+ $myState->addLastKnownValue($value);
+ }
+ }
+ }
+
+ return $myState;
+ }
+
+ public static function mergeDefStates($states)
+ {
+ $myState = new MyDefState;
+
+ $sanitizedTypes = [];
+ foreach ($states as $state) {
+ if ($state->isTainted()) {
+ $myState->setTainted(true);
+ foreach ($state->getTaintedByDefs() as $taintedDef) {
+ $myState->addTaintedByDef($taintedDef);
+ }
+ }
+
+ if ($state->isSanitized()) {
+ foreach ($state->getTypeSanitized() as $typeSanitized) {
+ $sanitizedTypes["".$typeSanitized.""][] = true;
+ }
+ }
+
+ if ($state->getObjectId() !== -1) {
+ $myState->addType(MyDefinition::TYPE_INSTANCE);
+ $myState->setObjectId($state->getObjectId());
+ }
+
+ if ($state->isType(MyDefinition::TYPE_ARRAY)) {
+ foreach ($state->getArrayIndexes() as $oriArrayIndex) {
+ if (!$myState->isArrayIndexExists($oriArrayIndex->index)) {
+ $tmpDef = clone $oriArrayIndex->def;
+ $myState->addArrayIndex($oriArrayIndex->index, $tmpDef);
+ }
+ }
+
+ $myState->addType(MyDefinition::TYPE_ARRAY);
+ }
+
+ if ($state->isType(MyDefinition::TYPE_ARRAY_ARRAY)) {
+ $myState->addType(MyDefinition::TYPE_ARRAY_ARRAY);
+ }
+
+ if ($state->isType(MyDefinition::ALL_PROPERTIES_TAINTED)) {
+ $myState->addType(MyDefinition::ALL_PROPERTIES_TAINTED);
+ foreach ($state->getTaintedByDefs() as $taintedDef) {
+ $myState->addTaintedByDef($taintedDef);
+ }
+ }
+
+ if ($state->isType(MyDefinition::ALL_ARRAY_ELEMENTS_TAINTED)) {
+ $myState->addType(MyDefinition::ALL_ARRAY_ELEMENTS_TAINTED);
+ foreach ($state->getTaintedByDefs() as $taintedDef) {
+ $myState->addTaintedByDef($taintedDef);
+ }
+ }
+
+ foreach ($state->getLastKnownValues() as $value) {
+ $myState->addLastKnownValue($value);
+ }
+
+ $myState->setIsEmbeddedByChars($state->getIsEmbeddedByChars(), true);
+ $myState->setCast($state->getCast());
+ $myState->setLabel($state->getLabel());
+ }
+
+ foreach ($sanitizedTypes as $TypeKey => $arrayValue) {
+ if (count($arrayValue) === count($states)) {
+ $myState->setSanitized(true);
+ $myState->addTypeSanitized($TypeKey);
+ }
+ }
+
+ return $myState;
+ }
+}
diff --git a/package/src/progpilot/Inputs/MyCustomFunction.php b/package/src/progpilot/Inputs/MyCustomFunction.php
index b12637dd..4164aad1 100644
--- a/package/src/progpilot/Inputs/MyCustomFunction.php
+++ b/package/src/progpilot/Inputs/MyCustomFunction.php
@@ -36,9 +36,23 @@ public function __construct($name, $language, $orderNumberExpected = 0)
$this->parameters = [];
}
- public function addParameter($parameter, $validbydefault, $fixed, $values = null)
- {
- $this->parameters[] = [$parameter, $values, $validbydefault, $fixed];
+ public function addParameter(
+ $parameter,
+ $validbydefault,
+ $fixed,
+ $sufficient,
+ $failifnotverified,
+ $notequals,
+ $values = null
+ ) {
+ $this->parameters[] = [
+ $parameter,
+ $values,
+ $validbydefault,
+ $fixed,
+ $sufficient,
+ $failifnotverified,
+ $notequals];
}
public function getParameters()
@@ -56,12 +70,24 @@ public function setHasParameters($hasParameters)
$this->hasParameters = $hasParameters;
}
+ public function isParameterSufficient($i)
+ {
+ foreach ($this->parameters as $parameter) {
+ $index = $parameter[0];
+ $sufficient = $parameter[4];
+
+ if ($index === $i) {
+ return $sufficient;
+ }
+ }
+
+ return false;
+ }
+
public function isParameterFixed($i)
{
foreach ($this->parameters as $parameter) {
$index = $parameter[0];
- $values = $parameter[1];
- $validbydefault = $parameter[2];
$fixed = $parameter[3];
if ($index === $i) {
@@ -76,7 +102,6 @@ public function isParameterValidByDefault($i)
{
foreach ($this->parameters as $parameter) {
$index = $parameter[0];
- $values = $parameter[1];
$validbydefault = $parameter[2];
if ($index === $i) {
diff --git a/package/src/progpilot/Inputs/MyInputs.php b/package/src/progpilot/Inputs/MyInputs.php
index 83b9eee6..38b13e4b 100644
--- a/package/src/progpilot/Inputs/MyInputs.php
+++ b/package/src/progpilot/Inputs/MyInputs.php
@@ -12,129 +12,19 @@
use progpilot\Lang;
use progpilot\Utils;
-use progpilot\Objects\MyFunction;
-use progpilot\Objects\MyDefinition;
-class MyInputs
+class MyInputs extends MyInputsInternalApi
{
- private $languages;
- private $frameworks;
-
- private $customRules;
-
- private $sanitizers;
- private $sinks;
- private $sources;
- private $validators;
- private $falsePositivesAnalysis;
- private $excludesFilesAnalysis;
- private $includesFilesAnalysis;
- private $excludesFoldersAnalysis;
- private $includesFoldersAnalysis;
-
- private $customFile;
- private $resolvedIncludes;
- private $falsePositives;
- private $sourcesFile;
- private $sinksFile;
- private $sanitizersFile;
- private $validatorsFile;
- private $includes;
- private $excludes;
-
- private $file;
- private $code;
- private $folder;
-
- public function __construct()
- {
- $this->dev = false;
- $this->languages = ["php"];
- $this->frameworks = ["suitecrm", "codeigniter", "wordpress", "prestashop", "symfony"];
-
- $this->customRules = [];
- $this->resolvedIncludesAnalysis = [];
- $this->sanitizers = [];
- $this->sinks = [];
- $this->sources = [];
- $this->validators = [];
- $this->falsePositivesAnalysis = [];
- $this->excludesFilesAnalysis = [];
- $this->includesFilesAnalysis = [];
- $this->excludesFoldersAnalysis = [];
- $this->includesFoldersAnalysis = [];
-
- $this->customFile = null;
- $this->falsePositives= null;
- $this->resolvedIncludes = null;
- $this->sanitizersFile = null;
- $this->sinksFile = null;
- $this->sourcesFile = null;
- $this->validatorsFile = null;
- $this->excludes = null;
- $this->includes = null;
-
- $this->file = null;
- $this->code = null;
- $this->folder = null;
- }
-
-
- public function setFrameworks($frameworks)
- {
- $this->frameworks = $frameworks;
- }
-
public function setLanguages($languages)
{
$this->languages = $languages;
}
-
- public function isLanguage($lang)
- {
- return in_array($lang, $this->languages, true);
- }
public function getLanguages()
{
return $this->languages;
}
- public function getFrameworks()
- {
- return $this->frameworks;
- }
-
- public function getSinksFile()
- {
- return $this->sinksFile;
- }
-
- public function getSourcesFile()
- {
- return $this->sourcesFile;
- }
-
- public function getValidatorsFile()
- {
- return $this->validatorsFile;
- }
-
- public function getSanitizersFile()
- {
- return $this->sanitizersFile;
- }
-
- public function getIncludedFiles()
- {
- return $this->includesFilesAnalysis;
- }
-
- public function getIncludedFolders()
- {
- return $this->includesFoldersAnalysis;
- }
-
public function getFolder()
{
return $this->folder;
@@ -165,358 +55,95 @@ public function setCode($code)
$this->code = $code;
}
- public function isExcludedFolder($name)
+ public function getDev()
{
- $name = realpath($name);
- foreach ($this->excludesFoldersAnalysis as $excludeName) {
- if (strpos($name, realpath($excludeName)) === 0) {
- return true;
- }
- }
-
- return false;
+ return $this->dev;
}
- public function isIncludedFolder($name)
+ public function setDev($dev)
{
- $name = realpath($name);
- foreach ($this->includesFoldersAnalysis as $includeName) {
- if (strpos($name, realpath($includeName)) === 0) {
- return true;
- }
- }
-
- return false;
- }
+ $this->dev = $dev;
- public function isExcludedFile($name)
- {
- $name = realpath($name);
- foreach ($this->excludesFilesAnalysis as $excludeName) {
- if (realpath($excludeName) === $name) {
- return true;
- }
- }
-
- foreach ($this->excludesFoldersAnalysis as $excludeName) {
- $realExcludeName = realpath($excludeName);
- $folderfirst = substr($name, 0, strlen($realExcludeName));
- if ($realExcludeName === $folderfirst) {
- return true;
- }
+ if ($this->dev) {
+ $sanitizersfile = __DIR__."/../../uptodate_data/php/dev/sanitizers.json";
+ $this->readSanitizersFile($sanitizersfile);
+
+ $sinksfile = __DIR__."/../../uptodate_data/php/dev/sinks.json";
+ $this->readSinksFile($sinksfile);
+
+ $sourcesfile = __DIR__."/../../uptodate_data/php/dev/sources.json";
+ $this->readSourcesFile($sourcesfile);
+
+ $validatorsfile = __DIR__."/../../uptodate_data/php/dev/validators.json";
+ $this->readValidatorsFile($validatorsfile);
+
+ $customsfile = __DIR__."/../../uptodate_data/php/dev/rules.json";
+ $this->readCustomFile($customsfile);
}
-
- return false;
}
- public function isIncludedFile($name)
+ public function addSources($files)
{
- $name = realpath($name);
- foreach ($this->includesFilesAnalysis as $includeName) {
- if (realpath($includeName) === $name) {
- return true;
+ if (is_array($files)) {
+ foreach ($files as $file) {
+ $this->readSourcesFile($file);
}
+ } else {
+ $this->readSourcesFile($files);
}
-
- return false;
}
- public function getIncludeByLocation($line, $column, $sourceFile)
+ public function setSources($files)
{
- foreach ($this->resolvedIncludesAnalysis as $myInclude) {
- if ($myInclude->getLine() === $line
- && $myInclude->getColumn() === $column
- && $myInclude->getSourceFile() === $sourceFile) {
- return $myInclude;
- }
- }
-
- return null;
+ $this->overwrittenSources = true;
+ $this->sources = [];
+ $this->addSources($files);
}
- public function getValidatorByName($context, $stackClass, $myFunc, $myClass)
+ public function getSources()
{
- foreach ($this->validators as $myValidator) {
- if ($myValidator->getName() === $myFunc->getName()) {
- if (!$myValidator->isInstance() && !$myFunc->isType(MyFunction::TYPE_FUNC_METHOD)) {
- return $myValidator;
- }
-
- if ($myValidator->isInstance() && $myFunc->isType(MyFunction::TYPE_FUNC_METHOD)) {
- if (!is_null($myClass) &&
- ($myValidator->getInstanceOfName() === $myClass->getName()
- || $myValidator->getInstanceOfName() === $myClass->getExtendsOf())) {
- return $myValidator;
- }
-
- if ($myValidator->getLanguage() === "php") {
- $propertiesValidator = explode("->", $myValidator->getInstanceOfName());
- } elseif ($myValidator->getLanguage() === "js") {
- $propertiesValidator = explode(".", $myValidator->getInstanceOfName());
- }
-
- if (is_array($propertiesValidator)) {
- $myValidatorInstanceName = $propertiesValidator[0];
-
- $myValidatorNumberOfProperties = count($propertiesValidator);
- $stackNumberOfProperties = count($stackClass);
-
- if ($stackNumberOfProperties >= $myValidatorNumberOfProperties) {
- $knownProperties =
- $stackClass[$stackNumberOfProperties - $myValidatorNumberOfProperties];
-
- foreach ($knownProperties as $propClass) {
- $objectId = $propClass->getObjectId();
- $myClass = $context->getObjects()->getMyClassFromObject($objectId);
-
- if (($myClass->getName() === $myValidatorInstanceName
- || $myClass->getExtendsOf() === $myValidatorInstanceName)) {
- return $myValidator;
- }
- }
- }
- }
- }
- }
- }
-
- return null;
+ return $this->sources;
}
- public function getSanitizerByName($context, $stackClass, $myFunc, $myClass)
+ public function addSinks($files)
{
- foreach ($this->sanitizers as $mySanitizer) {
- if ($mySanitizer->getName() === $myFunc->getName()) {
- if (!$mySanitizer->isInstance() && !$myFunc->isType(MyFunction::TYPE_FUNC_METHOD)) {
- return $mySanitizer;
- }
-
- if ($mySanitizer->isInstance() && $myFunc->isType(MyFunction::TYPE_FUNC_METHOD)) {
- if (!is_null($myClass) &&
- ($mySanitizer->getInstanceOfName() === $myClass->getName()
- || $mySanitizer->getInstanceOfName() === $myClass->getExtendsOf())) {
- return $mySanitizer;
- }
-
- if ($mySanitizer->getLanguage() === "php") {
- $propertiesSanitizer = explode("->", $mySanitizer->getInstanceOfName());
- } elseif ($mySanitizer->getLanguage() === "js") {
- $propertiesSanitizer = explode(".", $mySanitizer->getInstanceOfName());
- }
-
- if (is_array($propertiesSanitizer)) {
- $mySanitizerInstanceName = $propertiesSanitizer[0];
-
- $mySanitizerNumberOfProperties = count($propertiesSanitizer);
- $stackNumberOfProperties = count($stackClass);
-
- if ($stackNumberOfProperties >= $mySanitizerNumberOfProperties) {
- $knownProperties =
- $stackClass[$stackNumberOfProperties - $mySanitizerNumberOfProperties];
-
- foreach ($knownProperties as $propClass) {
- $objectId = $propClass->getObjectId();
- $myClass = $context->getObjects()->getMyClassFromObject($objectId);
-
- if (!is_null($myClass) && ($myClass->getName() === $mySanitizerInstanceName
- || $myClass->getExtendsOf() === $mySanitizerInstanceName)) {
- return $mySanitizer;
- }
- }
- }
- }
- }
+ if (is_array($files)) {
+ foreach ($files as $file) {
+ $this->readSinksFile($file);
}
+ } else {
+ $this->readSinksFile($files);
}
-
- return null;
}
- public function getSinkByName($context, $stackClass, $myFunc, $myClass)
+ public function getSinks()
{
- foreach ($this->sinks as $mySink) {
- if ($mySink->getName() === $myFunc->getName()) {
- if (!$mySink->isInstance() && !$myFunc->isType(MyFunction::TYPE_FUNC_METHOD)) {
- return $mySink;
- }
-
- if ($mySink->isInstance() && $myFunc->isType(MyFunction::TYPE_FUNC_METHOD)) {
- if (!is_null($myClass)
- && ($mySink->getInstanceOfName() === $myClass->getName()
- || $mySink->getInstanceOfName() === $myClass->getExtendsOf())) {
- return $mySink;
- }
-
- if ($mySink->getLanguage() === "php") {
- $propertiesSink = explode("->", $mySink->getInstanceOfName());
- } elseif ($mySink->getLanguage() === "js") {
- $propertiesSink = explode(".", $mySink->getInstanceOfName());
- }
-
- if (is_array($propertiesSink)) {
- $mySinkInstanceName = $propertiesSink[0];
-
- $mySinkNumberOfProperties = count($propertiesSink);
- $stackNumberOfProperties = count($stackClass);
-
- if ($stackNumberOfProperties >= $mySinkNumberOfProperties) {
- $knownProperties =
- $stackClass[$stackNumberOfProperties - $mySinkNumberOfProperties];
-
- foreach ($knownProperties as $propClass) {
- $objectId = $propClass->getObjectId();
- $myClass = $context->getObjects()->getMyClassFromObject($objectId);
-
- if (!is_null($myClass)
- && ($myClass->getName() === $mySinkInstanceName
- || $myClass->getExtendsOf() === $mySinkInstanceName)) {
- return $mySink;
- }
- }
- }
- }
- }
- }
- }
-
- return null;
- }
-
- public function getSourceArrayByName(
- $myFuncOrDef,
- $arrValue = false
- ) {
- foreach ($this->sources as $mySource) {
- if ($mySource->getName() === $myFuncOrDef->getName()
- && $mySource->getIsArray()
- && $arrValue === false) {
- return $mySource;
- }
- }
-
- return null;
+ return $this->sinks;
}
-
- public function getSourceByName(
- $stackClass,
- $myFuncOrDef,
- $isFunction = false,
- $instanceName = false,
- $arrValue = false
- ) {
- foreach ($this->sources as $mySource) {
- $checkName = false;
- if (!$isFunction && $myFuncOrDef->isType(MyDefinition::TYPE_PROPERTY)) {
- $properties = $myFuncOrDef->property->getProperties();
- if (is_array($properties) && count($properties) > 0) {
- $lastproperty = $properties[count($properties) - 1];
- if ($lastproperty === $mySource->getName()) {
- $checkName = true;
- }
- }
- }
-
- if (($mySource->getName() === $myFuncOrDef->getName()) || $checkName) {
- $checkFunction = false;
- $checkArray = false;
- $checkInstance = false;
-
- if (!$instanceName && !$mySource->isInstance()) {
- $checkInstance = true;
- }
-
- if ($instanceName && $mySource->isInstance()) {
- if ($mySource->getInstanceOfName() === $instanceName) {
- $checkInstance = true;
- }
-
- if ($mySource->getLanguage() === "php") {
- $propertiesSource = explode("->", $mySource->getInstanceOfName());
- } elseif ($mySource->getLanguage() === "js") {
- $propertiesSource = explode(".", $mySource->getInstanceOfName());
- }
-
- if (is_array($propertiesSource)) {
- $mySourceInstanceName = $propertiesSource[0];
-
- $mySourceNumberOfProperties = count($propertiesSource);
- $stackNumberOfProperties = count($stackClass);
-
- if ($stackNumberOfProperties >= $mySourceNumberOfProperties) {
- $knownProperties =
- $stackClass[$stackNumberOfProperties - $mySourceNumberOfProperties];
-
- foreach ($knownProperties as $propClass) {
- if ($propClass->getName() === $mySourceInstanceName) {
- $checkInstance = true;
- }
- }
- }
- }
- }
-
- if ($mySource->isFunction() === $isFunction) {
- $checkFunction = true;
- }
-
- // if we request an array the source must be an array
- // and array nots equals (like $_GET["p"])
- if (($arrValue !== false && $arrValue !== "PROGPILOT_ALL_INDEX_TAINTED"
- && $mySource->getIsArray()
- && is_null($mySource->getArrayValue()))
- // or we don't request an array
- // and the source is not an array (echo $hardcoded_tainted)
- || (!$arrValue && !$mySource->getIsArray())
- // or we don't request an array
- // if mysource is a function and a array like that :
- // $row = mysqli_fetch_assoc()
- // echo $row[0]
- // we don't want an array ie : $row = mysqli_fetch_assoc()[0]
- || (!$arrValue && $mySource->isFunction() && $mySource->getIsArray())) {
- $checkArray = true;
- }
-
- // if we request an array the source must be an array and array value equals
- if (($arrValue !== false && $arrValue !== "PROGPILOT_ALL_INDEX_TAINTED"
- && $mySource->getIsArray()
- && !is_null($mySource->getArrayValue())
- && $mySource->getArrayValue() === $arrValue)) {
- $checkArray = true;
- }
-
- if ($checkArray && $checkInstance && $checkFunction) {
- return $mySource;
- }
- }
- }
- return null;
+ public function setSinks($files)
+ {
+ $this->overwrittenSinks = true;
+ $this->sinks = [];
+ $this->addSinks($files);
}
- public function getFalsePositiveById($id)
+ public function addValidators($files)
{
- foreach ($this->falsePositivesAnalysis as $falsePositive) {
- if ($falsePositive->getId() === $id) {
- return $falsePositive;
+ if (is_array($files)) {
+ foreach ($files as $file) {
+ $this->readValidatorsFile($file);
}
+ } else {
+ $this->readValidatorsFile($files);
}
-
- return null;
- }
-
- public function getSanitizers()
- {
- return $this->sanitizers;
- }
-
- public function getSinks()
- {
- return $this->sinks;
}
- public function getSources()
+ public function setValidators($files)
{
- return $this->sources;
+ $this->overwrittenValidators = true;
+ $this->validators = [];
+ $this->addValidators($files);
}
public function getValidators()
@@ -524,34 +151,45 @@ public function getValidators()
return $this->validators;
}
- public function getResolvedIncludes()
- {
- return $this->resolvedIncludes;
- }
-
- public function getFalsePositives()
+ public function addSanitizers($files)
{
- return $this->falsePositives;
+ if (is_array($files)) {
+ foreach ($files as $file) {
+ $this->readSanitizersFile($file);
+ }
+ } else {
+ $this->readSanitizersFile($files);
+ }
}
- public function getIncludes()
+ public function setSanitizers($files)
{
- return $this->includes;
+ $this->overwrittenSanitizers = true;
+ $this->sanitizers = [];
+ $this->addSanitizers($files);
}
- public function getExcludes()
+ public function getSanitizers()
{
- return $this->excludes;
+ return $this->sanitizers;
}
- public function getDev()
+ public function addCustomRules($files)
{
- return $this->dev;
+ if (is_array($files)) {
+ foreach ($files as $file) {
+ $this->readCustomFile($file);
+ }
+ } else {
+ $this->readCustomFile($files);
+ }
}
- public function setDev($dev)
+ public function setCustomRules($files)
{
- $this->dev = $dev;
+ $this->overwrittenCustomRules = true;
+ $this->customRules = [];
+ $this->addCustomRules($files);
}
public function getCustomRules()
@@ -559,1117 +197,102 @@ public function getCustomRules()
return $this->customRules;
}
- public function setCustomRules($file)
+ public function setResolvedIncludes($resolvedIncludes)
{
- $this->customFile = $file;
- }
+ if (!is_null($resolvedIncludes)) {
+ if (!file_exists($resolvedIncludes)) {
+ Utils::printError(
+ Lang::FILE_DOESNT_EXIST." (".Utils::encodeCharacters($resolvedIncludes).")"
+ );
+ }
- public function setIncludeFiles($file)
- {
- $this->includesFile = $file;
- }
+ $outputJson = file_get_contents($resolvedIncludes);
+ $parsedJson = json_decode($outputJson);
- public function setExcludes($arr)
- {
- $this->excludes = $arr;
- }
+ if (isset($parsedJson-> {'includes'})) {
+ $includes = $parsedJson-> {'includes'};
+ foreach ($includes as $include) {
+ if (!isset($include-> {'line'})
+ || !isset($include-> {'column'})
+ || !isset($include-> {'source_file'})
+ || !isset($include-> {'value'})) {
+ Utils::printError(Lang::FORMAT_INCLUDES);
+ }
- public function setIncludes($arr)
- {
- $this->includes = $arr;
- }
+ if (realpath($include-> {'source_file'})) {
+ $line = $include-> {'line'};
+ $column = $include-> {'column'};
+ $sourceFile = realpath($include-> {'source_file'});
+ $value = $include-> {'value'};
- public function setFalsePositives($arr)
+ $myInclude = new MyInclude($line, $column, $sourceFile, $value);
+ if (!in_array($myInclude, $this->resolvedIncludesAnalysis, true)) {
+ $this->resolvedIncludesAnalysis[] = $myInclude;
+ }
+ }
+ }
+ } else {
+ Utils::printError(Lang::FORMAT_INCLUDES);
+ }
+ }
+ }
+
+ public function getFalsePositives()
{
- $this->falsePositives = $arr;
+ return $this->falsePositivesAnalysis;
}
- public function setResolvedIncludes($arr)
+ public function setFalsePositives($falsePositives)
{
- $this->resolvedIncludes = $arr;
+ $this->readFalsePositives($falsePositives);
}
- public function setSources($file)
+ public function getInclusions()
{
- $this->sourcesFile = $file;
+ return $this->includesFilesAnalysis;
}
- public function setSinks($file)
+ public function getExclusions()
{
- $this->sinksFile = $file;
+ return $this->excludesFilesAnalysis;
}
- public function setSanitizers($file)
+ public function setExclusions($exclusions)
{
- $this->sanitizersFile = $file;
+ $this->excludesFilesAnalysis = [];
+ $this->addExclusions($exclusions);
}
- public function setValidators($file)
+ public function setInclusions($inclusions)
{
- $this->validatorsFile = $file;
+ $this->includesFilesAnalysis = [];
+ $this->addInclusions($inclusions);
}
- public function readDev()
+ public function addExclusions($exclusions)
{
- if ($this->dev) {
- $sanitizersfile = __DIR__."/../../uptodate_data/php/dev/sanitizers.json";
- $this->readSanitizersFile($sanitizersfile);
-
- $sinksfile = __DIR__."/../../uptodate_data/php/dev/sinks.json";
- $this->readSinksFile($sinksfile);
-
- $sourcesfile = __DIR__."/../../uptodate_data/php/dev/sources.json";
- $this->readSourcesFile($sourcesfile);
-
- $validatorsfile = __DIR__."/../../uptodate_data/php/dev/validators.json";
- $this->readValidatorsFile($validatorsfile);
-
- $customsfile = __DIR__."/../../uptodate_data/php/dev/rules.json";
- $this->readCustomFile($customsfile);
+ if (!is_null($exclusions)) {
+ if (is_string($exclusions)) {
+ $this->readExcludesFile($exclusions);
+ } elseif (is_array($exclusions)) {
+ foreach ($exclusions as $excludeFile) {
+ if (is_string($excludeFile) && !in_array($excludeFile, $this->excludesFilesAnalysis, true)) {
+ $this->excludesFilesAnalysis[] = $excludeFile;
+ }
+ }
+ }
}
}
- public function readFrameworks()
+ public function addInclusions($inclusions)
{
- if (is_array($this->frameworks) && in_array("suitecrm", $this->frameworks, true)) {
- $sanitizersfile = __DIR__."/../../uptodate_data/php/frameworks/suitecrm/sanitizers.json";
-
- if (is_array($this->sanitizersFile)) {
- if (!in_array($sanitizersfile, $this->sanitizersFile, true)) {
- $this->readSanitizersFile($sanitizersfile);
- }
- } else {
- if ($this->sanitizersFile !== $sanitizersfile) {
- $this->readSanitizersFile($sanitizersfile);
- }
- }
-
- $sinksfile = __DIR__."/../../uptodate_data/php/frameworks/suitecrm/sinks.json";
-
- if (is_array($this->sinksFile)) {
- if (!in_array($sinksfile, $this->sinksFile, true)) {
- $this->readSinksFile($sinksfile);
- }
- } else {
- if ($this->sinksFile !== $sinksfile) {
- $this->readSinksFile($sinksfile);
- }
- }
-
- $sourcesfile = __DIR__."/../../uptodate_data/php/frameworks/suitecrm/sources.json";
-
- if (is_array($this->sourcesFile)) {
- if (!in_array($sourcesfile, $this->sourcesFile, true)) {
- $this->readSourcesFile($sourcesfile);
- }
- } else {
- if ($this->sourcesFile !== $sourcesfile) {
- $this->readSourcesFile($sourcesfile);
- }
- }
-
- $validatorsfile = __DIR__."/../../uptodate_data/php/frameworks/suitecrm/validators.json";
-
- if (is_array($this->validatorsFile)) {
- if (!in_array($validatorsfile, $this->validatorsFile, true)) {
- $this->readValidatorsFile($validatorsfile);
- }
- } else {
- if ($this->validatorsFile !== $validatorsfile) {
- $this->readValidatorsFile($validatorsfile);
- }
- }
-
- $rulesfile = __DIR__."/../../uptodate_data/php/frameworks/suitecrm/rules.json";
-
- if (is_array($this->customFile)) {
- if (!in_array($rulesfile, $this->customFile, true)) {
- $this->readCustomFile($rulesfile);
- }
- } else {
- if ($this->customFile !== $rulesfile) {
- $this->readCustomFile($rulesfile);
- }
- }
- }
-
- if (is_array($this->frameworks) && in_array("codeigniter", $this->frameworks, true)) {
- $sanitizersfile = __DIR__."/../../uptodate_data/php/frameworks/codeigniter/sanitizers.json";
-
- if (is_array($this->sanitizersFile)) {
- if (!in_array($sanitizersfile, $this->sanitizersFile, true)) {
- $this->readSanitizersFile($sanitizersfile);
- }
- } else {
- if ($this->sanitizersFile !== $sanitizersfile) {
- $this->readSanitizersFile($sanitizersfile);
- }
- }
-
- $sinksfile = __DIR__."/../../uptodate_data/php/frameworks/codeigniter/sinks.json";
-
- if (is_array($this->sinksFile)) {
- if (!in_array($sinksfile, $this->sinksFile, true)) {
- $this->readSinksFile($sinksfile);
- }
- } else {
- if ($this->sinksFile !== $sinksfile) {
- $this->readSinksFile($sinksfile);
- }
- }
-
- $sourcesfile = __DIR__."/../../uptodate_data/php/frameworks/codeigniter/sources.json";
-
- if (is_array($this->sourcesFile)) {
- if (!in_array($sourcesfile, $this->sourcesFile, true)) {
- $this->readSourcesFile($sourcesfile);
- }
- } else {
- if ($this->sourcesFile !== $sourcesfile) {
- $this->readSourcesFile($sourcesfile);
- }
- }
-
- $validatorsfile = __DIR__."/../../uptodate_data/php/frameworks/codeigniter/validators.json";
-
- if (is_array($this->validatorsFile)) {
- if (!in_array($validatorsfile, $this->validatorsFile, true)) {
- $this->readValidatorsFile($validatorsfile);
- }
- } else {
- if ($this->validatorsFile !== $validatorsfile) {
- $this->readValidatorsFile($validatorsfile);
- }
- }
-
- $rulesfile = __DIR__."/../../uptodate_data/php/frameworks/codeigniter/rules.json";
-
- if (is_array($this->customFile)) {
- if (!in_array($rulesfile, $this->customFile, true)) {
- $this->readCustomFile($rulesfile);
- }
- } else {
- if ($this->customFile !== $rulesfile) {
- $this->readCustomFile($rulesfile);
- }
- }
- }
-
-
- if (is_array($this->frameworks) && in_array("wordpress", $this->frameworks, true)) {
- $sanitizersfile = __DIR__."/../../uptodate_data/php/frameworks/wordpress/sanitizers.json";
-
- if (is_array($this->sanitizersFile)) {
- if (!in_array($sanitizersfile, $this->sanitizersFile, true)) {
- $this->readSanitizersFile($sanitizersfile);
- }
- } else {
- if ($this->sanitizersFile !== $sanitizersfile) {
- $this->readSanitizersFile($sanitizersfile);
- }
- }
-
- $sinksfile = __DIR__."/../../uptodate_data/php/frameworks/wordpress/sinks.json";
-
- if (is_array($this->sinksFile)) {
- if (!in_array($sinksfile, $this->sinksFile, true)) {
- $this->readSinksFile($sinksfile);
- }
- } else {
- if ($this->sinksFile !== $sinksfile) {
- $this->readSinksFile($sinksfile);
- }
- }
-
- $sourcesfile = __DIR__."/../../uptodate_data/php/frameworks/wordpress/sources.json";
-
- if (is_array($this->sourcesFile)) {
- if (!in_array($sourcesfile, $this->sourcesFile, true)) {
- $this->readSourcesFile($sourcesfile);
- }
- } else {
- if ($this->sourcesFile !== $sourcesfile) {
- $this->readSourcesFile($sourcesfile);
- }
- }
-
- $validatorsfile = __DIR__."/../../uptodate_data/php/frameworks/wordpress/validators.json";
-
- if (is_array($this->validatorsFile)) {
- if (!in_array($validatorsfile, $this->validatorsFile, true)) {
- $this->readValidatorsFile($validatorsfile);
- }
- } else {
- if ($this->validatorsFile !== $validatorsfile) {
- $this->readValidatorsFile($validatorsfile);
- }
- }
-
- $rulesfile = __DIR__."/../../uptodate_data/php/frameworks/wordpress/rules.json";
-
- if (is_array($this->customFile)) {
- if (!in_array($rulesfile, $this->customFile, true)) {
- $this->readCustomFile($rulesfile);
- }
- } else {
- if ($this->customFile !== $rulesfile) {
- $this->readCustomFile($rulesfile);
- }
- }
- }
-
-
- if (is_array($this->frameworks) && in_array("symfony", $this->frameworks, true)) {
- $sanitizersfile = __DIR__."/../../uptodate_data/php/frameworks/symfony/sanitizers.json";
-
- if (is_array($this->sanitizersFile)) {
- if (!in_array($sanitizersfile, $this->sanitizersFile, true)) {
- $this->readSanitizersFile($sanitizersfile);
- }
- } else {
- if ($this->sanitizersFile !== $sanitizersfile) {
- $this->readSanitizersFile($sanitizersfile);
- }
- }
-
- $sinksfile = __DIR__."/../../uptodate_data/php/frameworks/symfony/sinks.json";
-
- if (is_array($this->sinksFile)) {
- if (!in_array($sinksfile, $this->sinksFile, true)) {
- $this->readSinksFile($sinksfile);
- }
- } else {
- if ($this->sinksFile !== $sinksfile) {
- $this->readSinksFile($sinksfile);
- }
- }
-
- $sourcesfile = __DIR__."/../../uptodate_data/php/frameworks/symfony/sources.json";
-
- if (is_array($this->sourcesFile)) {
- if (!in_array($sourcesfile, $this->sourcesFile, true)) {
- $this->readSourcesFile($sourcesfile);
- }
- } else {
- if ($this->sourcesFile !== $sourcesfile) {
- $this->readSourcesFile($sourcesfile);
- }
- }
-
- $validatorsfile = __DIR__."/../../uptodate_data/php/frameworks/symfony/validators.json";
-
- if (is_array($this->validatorsFile)) {
- if (!in_array($validatorsfile, $this->validatorsFile, true)) {
- $this->readValidatorsFile($validatorsfile);
- }
- } else {
- if ($this->validatorsFile !== $validatorsfile) {
- $this->readValidatorsFile($validatorsfile);
- }
- }
-
- $rulesfile = __DIR__."/../../uptodate_data/php/frameworks/symfony/rules.json";
-
- if (is_array($this->customFile)) {
- if (!in_array($rulesfile, $this->customFile, true)) {
- $this->readCustomFile($rulesfile);
- }
- } else {
- if ($this->customFile !== $rulesfile) {
- $this->readCustomFile($rulesfile);
- }
- }
- }
-
-
- if (is_array($this->frameworks) && in_array("prestashop", $this->frameworks, true)) {
- $sanitizersfile = __DIR__."/../../uptodate_data/php/frameworks/prestashop/sanitizers.json";
-
- if (is_array($this->sanitizersFile)) {
- if (!in_array($sanitizersfile, $this->sanitizersFile, true)) {
- $this->readSanitizersFile($sanitizersfile);
- }
- } else {
- if ($this->sanitizersFile !== $sanitizersfile) {
- $this->readSanitizersFile($sanitizersfile);
- }
- }
-
- $sinksfile = __DIR__."/../../uptodate_data/php/frameworks/prestashop/sinks.json";
-
- if (is_array($this->sinksFile)) {
- if (!in_array($sinksfile, $this->sinksFile, true)) {
- $this->readSinksFile($sinksfile);
- }
- } else {
- if ($this->sinksFile !== $sinksfile) {
- $this->readSinksFile($sinksfile);
- }
- }
-
- $sourcesfile = __DIR__."/../../uptodate_data/php/frameworks/prestashop/sources.json";
-
- if (is_array($this->sourcesFile)) {
- if (!in_array($sourcesfile, $this->sourcesFile, true)) {
- $this->readSourcesFile($sourcesfile);
- }
- } else {
- if ($this->sourcesFile !== $sourcesfile) {
- $this->readSourcesFile($sourcesfile);
- }
- }
-
- $validatorsfile = __DIR__."/../../uptodate_data/php/frameworks/prestashop/validators.json";
-
- if (is_array($this->validatorsFile)) {
- if (!in_array($validatorsfile, $this->validatorsFile, true)) {
- $this->readValidatorsFile($validatorsfile);
- }
- } else {
- if ($this->validatorsFile !== $validatorsfile) {
- $this->readValidatorsFile($validatorsfile);
- }
- }
-
- $rulesfile = __DIR__."/../../uptodate_data/php/frameworks/prestashop/rules.json";
-
- if (is_array($this->customFile)) {
- if (!in_array($rulesfile, $this->customFile, true)) {
- $this->readCustomFile($rulesfile);
- }
- } else {
- if ($this->customFile !== $rulesfile) {
- $this->readCustomFile($rulesfile);
- }
- }
- }
- }
-
- public function readSanitizers()
- {
- if (is_null($this->sanitizersFile)) {
- $this->readSanitizersFile(__DIR__."/../../uptodate_data/php/sanitizers.json");
- $this->readSanitizersFile(__DIR__."/../../uptodate_data/js/sanitizers.json");
- } else {
- if (is_array($this->sanitizersFile)) {
- foreach ($this->sanitizersFile as $file) {
- $this->readSanitizersFile($file);
- }
- } else {
- $this->readSanitizersFile($this->sanitizersFile);
- }
- }
- }
-
- public function readSanitizersFile($file)
- {
- if (!is_null($file)) {
- if (!file_exists($file)) {
- Utils::printError(Lang::FILE_DOESNT_EXIST." (".Utils::encodeCharacters($file).")");
- }
-
- $outputJson = file_get_contents($file);
-
- $parsedJson = json_decode($outputJson);
-
- if (isset($parsedJson-> {'sanitizers'})) {
- $sanitizers = $parsedJson-> {'sanitizers'};
- foreach ($sanitizers as $sanitizer) {
- if (!isset($sanitizer-> {'name'})
- || !isset($sanitizer-> {'language'})) {
- Utils::printError(Lang::FORMAT_SANITIZERS);
- }
-
- $name = $sanitizer-> {'name'};
- $language = $sanitizer-> {'language'};
-
- $prevent = [];
- if (isset($sanitizer-> {'prevent'})) {
- $prevent = $sanitizer-> {'prevent'};
- }
-
- $mySanitizer = new MySanitizer($name, $language, $prevent);
-
- if (isset($sanitizer-> {'instanceof'})) {
- $mySanitizer->setIsInstance(true);
- $mySanitizer->setInstanceOfName($sanitizer-> {'instanceof'});
- }
-
- if (isset($sanitizer-> {'parameters'})) {
- $parameters = $sanitizer-> {'parameters'};
- foreach ($parameters as $parameter) {
- if (isset($parameter-> {'id'}) && isset($parameter-> {'conditions'})) {
- if (is_int($parameter-> {'id'})
- && ($parameter-> {'conditions'} === "equals"
- || $parameter-> {'conditions'} === "taint"
- || $parameter-> {'conditions'} === "sanitize")) {
- if ($parameter-> {'conditions'} === "equals") {
- if (isset($parameter-> {'values'})) {
- $mySanitizer->addParameter(
- $parameter-> {'id'},
- $parameter-> {'conditions'},
- $parameter-> {'values'}
- );
- }
- } else {
- $mySanitizer->addParameter(
- $parameter-> {'id'},
- $parameter-> {'conditions'}
- );
- }
- }
- }
- }
-
- $mySanitizer->setHasParameters(true);
- }
-
- $this->sanitizers[] = $mySanitizer;
- }
- } else {
- Utils::printError(Lang::FORMAT_SANITIZERS);
- }
- }
- }
-
- public function readSinks()
- {
- if (is_null($this->sinksFile)) {
- $this->readSinksFile(__DIR__."/../../uptodate_data/php/sinks.json");
- $this->readSinksFile(__DIR__."/../../uptodate_data/js/sinks.json");
- } else {
- if (is_array($this->sinksFile)) {
- foreach ($this->sinksFile as $file) {
- $this->readSinksFile($file);
- }
- } else {
- $this->readSinksFile($this->sinksFile);
- }
- }
- }
-
- public function readSinksFile($file)
- {
- if (!is_null($file)) {
- if (!file_exists($file)) {
- Utils::printError(Lang::FILE_DOESNT_EXIST." (".Utils::encodeCharacters($file).")");
- }
-
- $outputJson = file_get_contents($file);
- $parsedJson = json_decode($outputJson);
-
- if (isset($parsedJson-> {'sinks'})) {
- $sinks = $parsedJson-> {'sinks'};
- foreach ($sinks as $sink) {
- if (!isset($sink-> {'name'})
- || !isset($sink-> {'language'})
- || !isset($sink-> {'attack'})
- || !isset($sink-> {'cwe'})) {
- Utils::printError(Lang::FORMAT_SINKS);
- }
-
- $name = $sink-> {'name'};
- $language = $sink-> {'language'};
- $attack = $sink-> {'attack'};
- $cwe = $sink-> {'cwe'};
-
- $mySink = new MySink($name, $language, $attack, $cwe);
-
- if (isset($sink-> {'instanceof'})) {
- $mySink->setIsInstance(true);
- $mySink->setInstanceOfName($sink-> {'instanceof'});
- }
-
- if (isset($sink-> {'conditions'})) {
- $mySink->addGlobalconditions($sink-> {'conditions'});
- }
-
- if (isset($sink-> {'parameters'})) {
- $parameters = $sink-> {'parameters'};
- foreach ($parameters as $parameter) {
- if (isset($parameter-> {'id'}) && is_int($parameter-> {'id'})) {
- if (isset($parameter-> {'conditions'})) {
- $mySink->addParameter($parameter-> {'id'}, $parameter-> {'conditions'});
- } else {
- $mySink->addParameter($parameter-> {'id'});
- }
- }
- }
-
- $mySink->setHasParameters(true);
- }
-
- $this->sinks[] = $mySink;
- }
- } else {
- Utils::printError(Lang::FORMAT_SINKS);
- }
- }
- }
-
- public function readSources()
- {
- if (is_null($this->sourcesFile)) {
- $this->readSourcesFile(__DIR__."/../../uptodate_data/php/sources.json");
- $this->readSourcesFile(__DIR__."/../../uptodate_data/js/sources.json");
- } else {
- if (is_array($this->sourcesFile)) {
- foreach ($this->sourcesFile as $file) {
- $this->readSourcesFile($file);
- }
- } else {
- $this->readSourcesFile($this->sourcesFile);
- }
- }
- }
-
- public function readSourcesFile($file)
- {
- if (!is_null($file)) {
- if (!file_exists($file)) {
- Utils::printError(Lang::FILE_DOESNT_EXIST." (".Utils::encodeCharacters($file).")");
- }
-
- $outputJson = file_get_contents($file);
- $parsedJson = json_decode($outputJson);
-
- if (isset($parsedJson-> {'sources'})) {
- $sources = $parsedJson-> {'sources'};
- foreach ($sources as $source) {
- if (!isset($source-> {'name'})
- || !isset($source-> {'language'})) {
- Utils::printError(Lang::FORMAT_SOURCES);
- }
-
- $name = $source-> {'name'};
- $language = $source-> {'language'};
-
- $mySource = new MySource($name, $language);
-
- if (isset($source-> {'is_function'}) && $source-> {'is_function'}) {
- $mySource->setIsFunction(true);
- }
-
- if (isset($source-> {'is_array'}) && $source-> {'is_array'}) {
- $mySource->setIsArray(true);
- }
-
- if (isset($source-> {'is_object'}) && $source-> {'is_object'}) {
- $mySource->setIsObject(true);
- }
-
- if (isset($source-> {'array_index'})) {
- $arr = array($source-> {'array_index'} => false);
- $mySource->setArrayValue($arr);
- }
-
- if (isset($source-> {'instanceof'})) {
- $mySource->setIsInstance(true);
- $mySource->setInstanceOfName($source-> {'instanceof'});
- }
-
- if (isset($source-> {'return_array_index'})) {
- $mySource->setReturnArray(true);
- $mySource->setReturnArrayValue($source-> {'return_array_index'});
- }
-
- if (isset($source-> {'label'})) {
- $label = MyDefinition::SECURITY_LOW;
- if ($source-> {'label'} === "high") {
- $label = MyDefinition::SECURITY_HIGH;
- }
-
- $mySource->setLabel($label);
- }
-
- if (isset($source-> {'parameters'})) {
- $parameters = $source-> {'parameters'};
- foreach ($parameters as $parameter) {
- if (is_int($parameter-> {'id'})) {
- $mySource->addParameter($parameter-> {'id'});
-
- if (isset($parameter-> {'is_array'})
- && $parameter-> {'is_array'}
- && isset($parameter-> {'array_index'})) {
- $mySource->addconditionsParameter(
- $parameter-> {'id'},
- MySource::CONDITION_ARRAY,
- $parameter-> {'array_index'}
- );
- }
- }
- }
-
- $mySource->setHasParameters(true);
- }
-
- $this->sources[] = $mySource;
- }
- } else {
- Utils::printError(Lang::FORMAT_SOURCES);
- }
- }
- }
-
- public function readValidators()
- {
- if (is_null($this->validatorsFile)) {
- $this->readValidatorsFile(__DIR__."/../../uptodate_data/php/validators.json");
- $this->readValidatorsFile(__DIR__."/../../uptodate_data/js/validators.json");
- } else {
- if (is_array($this->validatorsFile)) {
- foreach ($this->validatorsFile as $file) {
- $this->readValidatorsFile($file);
- }
- } else {
- $this->readValidatorsFile($this->validatorsFile);
- }
- }
- }
-
- public function readValidatorsFile($file)
- {
- if (!is_null($file)) {
- if (!file_exists($file)) {
- Utils::printError(Lang::FILE_DOESNT_EXIST." (".Utils::encodeCharacters($file).")");
- }
-
- $outputJson = file_get_contents($file);
- $parsedJson = json_decode($outputJson);
-
- if (isset($parsedJson-> {'validators'})) {
- $validators = $parsedJson-> {'validators'};
- foreach ($validators as $validator) {
- if (!isset($validator-> {'name'})
- || !isset($validator-> {'language'})) {
- Utils::printError(Lang::FORMAT_VALIDATORS);
- }
-
- $name = $validator-> {'name'};
- $language = $validator-> {'language'};
-
- $myValidator = new MyValidator($name, $language);
-
- if (isset($validator-> {'parameters'})) {
- $parameters = $validator-> {'parameters'};
- foreach ($parameters as $parameter) {
- if (isset($parameter-> {'id'}) && isset($parameter-> {'conditions'})) {
- if (is_int($parameter-> {'id'})
- && ($parameter-> {'conditions'} === "not_tainted"
- || $parameter-> {'conditions'} === "array_not_tainted"
- || $parameter-> {'conditions'} === "valid"
- || $parameter-> {'conditions'} === "equals")) {
- if ($parameter-> {'conditions'} === "equals") {
- if (isset($parameter-> {'values'})) {
- $myValidator->addParameter(
- $parameter-> {'id'},
- $parameter-> {'conditions'},
- $parameter-> {'values'}
- );
- }
- } else {
- $myValidator->addParameter(
- $parameter-> {'id'},
- $parameter-> {'conditions'}
- );
- }
- }
- }
- }
-
- $myValidator->setHasParameters(true);
- }
-
- if (isset($validator-> {'instanceof'})) {
- $myValidator->setIsInstance(true);
- $myValidator->setInstanceOfName($validator-> {'instanceof'});
- }
-
- $this->validators[] = $myValidator;
- }
- } else {
- Utils::printError(Lang::FORMAT_VALIDATORS);
- }
- }
- }
-
- public function readResolvedIncludes()
- {
- if (!is_null($this->resolvedIncludes)) {
- if (!file_exists($this->resolvedIncludes)) {
- Utils::printError(
- Lang::FILE_DOESNT_EXIST." (".Utils::encodeCharacters($this->resolvedIncludes).")"
- );
- }
-
- $outputJson = file_get_contents($this->resolvedIncludes);
- $parsedJson = json_decode($outputJson);
-
- if (isset($parsedJson-> {'includes'})) {
- $includes = $parsedJson-> {'includes'};
- foreach ($includes as $include) {
- if (!isset($include-> {'line'})
- || !isset($include-> {'column'})
- || !isset($include-> {'source_file'})
- || !isset($include-> {'value'})) {
- Utils::printError(Lang::FORMAT_INCLUDES);
- }
-
- if (realpath($include-> {'source_file'})) {
- $line = $include-> {'line'};
- $column = $include-> {'column'};
- $sourceFile = realpath($include-> {'source_file'});
- $value = $include-> {'value'};
-
- $myInclude = new MyInclude($line, $column, $sourceFile, $value);
- $this->resolvedIncludesAnalysis[] = $myInclude;
- }
- }
- } else {
- Utils::printError(Lang::FORMAT_INCLUDES);
- }
- }
- }
-
- public function readFalsePositives()
- {
- if (!is_null($this->falsePositives)) {
- if (is_string($this->falsePositives)) {
- $this->readFalsePositivesFile($this->falsePositives);
- } elseif (is_array($this->falsePositives)) {
- foreach ($this->falsePositives as $falsePositive) {
- if (!isset($falsePositive["vuln_id"])) {
- Utils::printError(Lang::FORMAT_FALSE_POSITIVES);
- }
-
- $vulnId = $falsePositive["vuln_id"];
-
- $myVuln = new MyVuln($vulnId);
- $this->falsePositivesAnalysis[] = $myVuln;
- }
- } else {
- Utils::printError(Lang::FORMAT_FALSE_POSITIVES);
- }
- }
- }
-
- public function readFalsePositivesFile($file)
- {
- if (!is_null($file)) {
- if (!file_exists($file)) {
- Utils::printError(
- Lang::FILE_DOESNT_EXIST." (".Utils::encodeCharacters($file).")"
- );
- }
-
- $outputJson = file_get_contents($file);
- $parsedJson = json_decode($outputJson);
-
- if (isset($parsedJson-> {'false_positives'})) {
- $falsePositives = $parsedJson-> {'false_positives'};
- foreach ($falsePositives as $falsePositive) {
- if (!isset($falsePositive-> {'vuln_id'})) {
- Utils::printError(Lang::FORMAT_FALSE_POSITIVES);
- }
-
- $vulnId = $falsePositive-> {'vuln_id'};
-
- $myVuln = new MyVuln($vulnId);
- $this->falsePositivesAnalysis[] = $myVuln;
- }
- } else {
- Utils::printError(Lang::FORMAT_FALSE_POSITIVES);
- }
- }
- }
-
- public function readExcludes()
- {
- if (!is_null($this->excludes)) {
- if (is_string($this->excludes)) {
- $this->readExcludesFile($this->excludes);
- } elseif (is_array($this->excludes)) {
- if (isset($this->excludes["exclude_files"])) {
- $excludeFiles = $this->excludes["exclude_files"];
- foreach ($excludeFiles as $excludeFile) {
- if (realpath($excludeFile)) {
- $this->excludesFilesAnalysis[] = realpath($excludeFile);
- }
- }
- }
-
- if (isset($this->excludes["exclude_folders"])) {
- $excludeFolders = $this->excludes["exclude_folders"];
- foreach ($excludeFolders as $excludeFolder) {
- if (realpath($excludeFolder)) {
- $this->excludesFoldersAnalysis[] = realpath($excludeFolder);
- }
- }
- }
- }
- }
- }
-
- public function readExcludesFile($file)
- {
- if (!is_null($file)) {
- if (!file_exists($file)) {
- Utils::printError(
- Lang::FILE_DOESNT_EXIST." (".Utils::encodeCharacters($file).")"
- );
- }
-
- $outputJson = file_get_contents($file);
- $parsedJson = json_decode($outputJson);
-
- if (isset($parsedJson-> {'exclude_files'})) {
- $excludeFiles = $parsedJson-> {'exclude_files'};
- foreach ($excludeFiles as $excludeFile) {
- if (realpath($excludeFile)) {
- $this->excludesFilesAnalysis[] = realpath($excludeFile);
- }
- }
- }
-
- if (isset($parsedJson-> {'exclude_folders'})) {
- $excludeFolders = $parsedJson-> {'exclude_folders'};
- foreach ($excludeFolders as $excludeFolder) {
- if (realpath($excludeFolder)) {
- $this->excludesFoldersAnalysis[] = realpath($excludeFolder);
- }
- }
- }
- }
- }
-
- public function readIncludesFile($file)
- {
- if (!is_null($file)) {
- if (!file_exists($file)) {
- Utils::printError(
- Lang::FILE_DOESNT_EXIST." (".Utils::encodeCharacters($file).")"
- );
- }
-
- $outputJson = file_get_contents($file);
- $parsedJson = json_decode($outputJson);
-
- if (isset($parsedJson-> {'include_files'})) {
- $includeFiles = $parsedJson-> {'include_files'};
- foreach ($includeFiles as $includeFile) {
- if (realpath($includeFile)) {
- $this->includesFilesAnalysis[] = realpath($includeFile);
- }
- }
- }
-
- if (isset($parsedJson-> {'include_folders'})) {
- $includeFolders = $parsedJson-> {'include_folders'};
- foreach ($includeFolders as $includeFolder) {
- if (realpath($includeFolder)) {
- $this->includesFoldersAnalysis[] = realpath($includeFolder);
- }
- }
- }
- }
- }
-
- public function readIncludes()
- {
- if (!is_null($this->includes)) {
- if (is_string($this->includes)) {
- $this->readIncludesFile($this->includes);
- } elseif (is_array($this->includes)) {
- if (isset($this->includes["include_files"])) {
- $includeFiles = $this->includes["include_files"];
- foreach ($includeFiles as $includeFile) {
- if (realpath($includeFile)) {
- $this->includesFilesAnalysis[] = realpath($includeFile);
- }
- }
- }
-
- if (isset($this->includes["include_folders"])) {
- $includeFolders = $this->includes["include_folders"];
- foreach ($includeFolders as $includeFolder) {
- if (realpath($includeFolder)) {
- $this->includesFoldersAnalysis[] = realpath($includeFolder);
- }
- }
- }
- }
- }
- }
-
- public function readCustomRules()
- {
- if (is_null($this->customFile)) {
- $this->readCustomFile(__DIR__."/../../uptodate_data/php/rules.json");
- $this->readCustomFile(__DIR__."/../../uptodate_data/js/rules.json");
- } else {
- if (is_array($this->customFile)) {
- foreach ($this->customFile as $file) {
- $this->readCustomFile($file);
- }
- } else {
- $this->readCustomFile($this->customFile);
- }
- }
- }
-
- public function readCustomFile($file)
- {
- if (!is_null($file)) {
- if (!file_exists($file)) {
- Utils::printError(
- Lang::FILE_DOESNT_EXIST." (".Utils::encodeCharacters($file).")"
- );
- }
-
- $outputJson = file_get_contents($file);
- $parsedJson = json_decode($outputJson);
-
- if (isset($parsedJson-> {'custom_rules'})) {
- $customRules = $parsedJson-> {'custom_rules'};
- foreach ($customRules as $customRule) {
- if (isset($customRule-> {'description'})) {
- $myCustom = new MyCustomRule($customRule-> {'description'});
-
- if (!isset($customRule-> {'cwe'})) {
- $customRule-> {'cwe'} = "";
- }
-
- if (!isset($customRule-> {'attack'})) {
- $customRule-> {'attack'} = "";
- }
-
- $myCustom->setCwe($customRule-> {'cwe'});
- $myCustom->setAttack($customRule-> {'attack'});
- if (isset($customRule-> {'extra'})) {
- $myCustom->setExtra($customRule-> {'extra'});
- }
-
- if (isset($customRule-> {'sequence'}) && isset($customRule-> {'action'})) {
- $myCustom->setType(MyCustomRule::TYPE_SEQUENCE);
- $myCustom->setAction($customRule-> {'action'});
-
- foreach ($customRule-> {'sequence'} as $seq) {
- if (isset($seq-> {'function_name'}) && isset($seq-> {'language'})) {
- $myCustomFunction = null;
- $myCustomFunction = $myCustom->addToSequence(
- $seq-> {'function_name'},
- $seq-> {'language'}
- );
-
- if (isset($seq-> {'parameters'}) && !is_null($myCustomFunction)) {
- $parameters = $seq-> {'parameters'};
- foreach ($parameters as $parameter) {
- if (isset($parameter-> {'id'}) && isset($parameter-> {'values'})) {
- $validbydefault = false;
- if (isset($parameter-> {'valid_by_default'})
- && $parameter-> {'valid_by_default'}) {
- $validbydefault = true;
- }
-
- $fixed = false;
- if (isset($parameter-> {'fixed'})
- && $parameter-> {'fixed'}) {
- $fixed = true;
- }
-
- if (is_int($parameter-> {'id'})) {
- $myCustomFunction->addParameter(
- $parameter-> {'id'},
- $validbydefault,
- $fixed,
- $parameter-> {'values'}
- );
- }
- }
- }
-
- $myCustomFunction->setHasParameters(true);
- }
-
- if (isset($seq-> {'instanceof'})) {
- $myCustomFunction->setIsInstance(true);
- $myCustomFunction->setInstanceOfName($seq-> {'instanceof'});
- }
- }
- }
- } elseif (isset($customRule-> {'name'})
- && isset($customRule-> {'language'})
- && isset($customRule-> {'action'})
- && isset($customRule-> {'is_function'})
- && $customRule-> {'is_function'} === true) {
- $myCustom->setType(MyCustomRule::TYPE_FUNCTION);
- $myCustom->setAction($customRule-> {'action'});
- $myCustomFunction = $myCustom->addFunctionDefinition(
- $customRule-> {'name'},
- $customRule-> {'language'}
- );
-
- if (isset($customRule-> {'parameters'})) {
- $parameters = $customRule-> {'parameters'};
- foreach ($parameters as $parameter) {
- if (isset($parameter-> {'id'}) && isset($parameter-> {'values'})) {
- if (is_int($parameter-> {'id'})) {
- $fixed = false;
- if (isset($parameter-> {'fixed'})
- && $parameter-> {'fixed'}) {
- $fixed = true;
- }
-
- $validbydefault = false;
- if (isset($parameter-> {'valid_by_default'})
- && $parameter-> {'valid_by_default'}) {
- $validbydefault = true;
- }
-
- $myCustomFunction->addParameter(
- $parameter-> {'id'},
- $validbydefault,
- $fixed,
- $parameter-> {'values'}
- );
- }
- }
- }
-
- $myCustomFunction->setHasParameters(true);
- }
-
- if (isset($customRule-> {'instanceof'})) {
- $myCustomFunction->setIsInstance(true);
- $myCustomFunction->setInstanceOfName($customRule-> {'instanceof'});
- }
-
- if (isset($customRule-> {'min_nb_args'})) {
- $myCustomFunction->setMinNbArgs($customRule-> {'min_nb_args'});
- }
-
- if (isset($customRule-> {'max_nb_args'})) {
- $myCustomFunction->setMaxNbArgs($customRule-> {'max_nb_args'});
- }
- } elseif (isset($customRule-> {'name'})
- && isset($customRule-> {'language'})
- && isset($customRule-> {'action'})
- && (!isset($customRule-> {'is_function'})
- || $customRule-> {'is_function'} !== true)) {
- $myCustom->setType(MyCustomRule::TYPE_VARIABLE);
- $myCustom->setAction($customRule-> {'action'});
- $myCustomVariable = $myCustom->addVariableDefinition(
- $customRule-> {'name'},
- $customRule-> {'language'}
- );
-
- if (isset($customRule-> {'instanceof'})) {
- $myCustomVariable->setIsInstance(true);
- $myCustomVariable->setInstanceOfName($customRule-> {'instanceof'});
- }
- }
-
- $this->customRules[] = $myCustom;
+ if (!is_null($inclusions)) {
+ if (is_string($inclusions)) {
+ $this->readIncludesFile($inclusions);
+ } elseif (is_array($inclusions)) {
+ foreach ($inclusions as $includeFile) {
+ if (is_string($includeFile) && !in_array($includeFile, $this->includesFilesAnalysis, true)) {
+ $this->includesFilesAnalysis[] = $includeFile;
}
}
}
diff --git a/package/src/progpilot/Inputs/MyInputsInternalApi.php b/package/src/progpilot/Inputs/MyInputsInternalApi.php
new file mode 100644
index 00000000..369ae934
--- /dev/null
+++ b/package/src/progpilot/Inputs/MyInputsInternalApi.php
@@ -0,0 +1,1050 @@
+dev = false;
+ $this->languages = ["php"];
+
+ $this->customRules = [];
+ $this->sanitizers = [];
+ $this->sinks = [];
+ $this->sources = [];
+ $this->validators = [];
+
+ $this->overwrittenCustomRules = false;
+ $this->overwrittenSanitizers = false;
+ $this->overwrittenSinks = false;
+ $this->overwrittenSources = false;
+ $this->overwrittenValidators = false;
+
+ $this->falsePositivesAnalysis = [];
+ $this->excludesFilesAnalysis = ["vendor", "node_modules"];
+ $this->includesFilesAnalysis = [];
+ $this->resolvedIncludesAnalysis = [];
+
+ $this->file = null;
+ $this->code = null;
+ $this->folder = null;
+
+ $this->falsePositives= null;
+ }
+
+ public function resolvePaths()
+ {
+ $tmpFiles = $this->excludesFilesAnalysis;
+ $this->excludesFilesAnalysis = [];
+
+ foreach ($tmpFiles as $excludedFile) {
+ if (strpos($excludedFile, "/") !== false
+ || strpos($excludedFile, "\\") !== false) {
+ // there is a slash, the dev likely wants a path
+ if (str_starts_with("./", $excludedFile) === 0
+ && str_starts_with(".\\", $excludedFile) === 0
+ && str_starts_with("/", $excludedFile) === 0
+ && preg_match("/^[a-bA-B]*:/", $excludedFile) === 0) {
+ // it's not a relative or absolute path
+ $excludedFile = ".".DIRECTORY_SEPARATOR.$excludedFile;
+ }
+
+ $excludedFile = realpath($excludedFile);
+ }
+
+ if (!in_array($excludedFile, $this->excludesFilesAnalysis, true)) {
+ $this->excludesFilesAnalysis[] = $excludedFile;
+ }
+ }
+
+
+ $tmpFiles = $this->includesFilesAnalysis;
+ $this->includesFilesAnalysis = [];
+
+ foreach ($tmpFiles as $includedFile) {
+ if (strpos($includedFile, "/") !== false
+ || strpos($includedFile, "\\") !== false) {
+ // there is a slash, the dev likely wants a path
+ if (str_starts_with("./", $includedFile) === 0
+ && str_starts_with(".\\", $includedFile) === 0
+ && str_starts_with("/", $includedFile) === 0
+ && preg_match("/^[a-bA-B]*:/", $includedFile) === 0) {
+ // it's not a relative or absolute path
+ $includedFile = ".".DIRECTORY_SEPARATOR.$includedFile;
+ }
+
+ $includedFile = realpath($includedFile);
+ }
+
+ if (!in_array($includedFile, $this->includesFilesAnalysis, true)) {
+ $this->includesFilesAnalysis[] = $includedFile;
+ }
+ }
+ }
+
+ public function isLanguage($lang)
+ {
+ return in_array($lang, $this->languages, true);
+ }
+
+ public function isExcludedFile($name)
+ {
+ $name = realpath($name);
+ $basename = basename($name);
+ $folders = explode(DIRECTORY_SEPARATOR, $name);
+
+ foreach ($this->excludesFilesAnalysis as $excludeFileName) {
+ if (strpos($excludeFileName, "/") === false
+ && strpos($excludeFileName, "\\") === false) {
+ // it's not a path
+ // test if it's a file name
+ if (basename($excludeFileName) === $basename) {
+ return true;
+ }
+
+ // test if it's a folder name
+ if (!empty($folders)) {
+ foreach ($folders as $folder) {
+ if ($folder === $excludeFileName) {
+ return true;
+ }
+ }
+ }
+ } else {
+ // we found if
+ if (strpos($name, $excludeFileName) === 0) {
+ return true;
+ }
+ }
+ }
+
+ return false;
+ }
+
+ public function isIncludedFile($name)
+ {
+ $name = realpath($name);
+ $basename = basename($name);
+ $folders = explode(DIRECTORY_SEPARATOR, $name);
+
+ foreach ($this->includesFilesAnalysis as $includedFileName) {
+ if (strpos($includedFileName, "/") === false
+ && strpos($includedFileName, "\\") === false) {
+ // it's not a path
+ // test if it's a file name
+ if (basename($includedFileName) === $basename) {
+ return true;
+ }
+
+ // test if it's a folder name
+ if (!empty($folders)) {
+ foreach ($folders as $folder) {
+ if ($folder === $includedFileName) {
+ return true;
+ }
+ }
+ }
+ } else {
+ // we found if
+ if (strpos($name, $includedFileName) === 0) {
+ return true;
+ }
+ }
+ }
+
+ return false;
+ }
+
+ public function getIncludeByLocation($line, $column, $sourceFile)
+ {
+ foreach ($this->resolvedIncludesAnalysis as $myInclude) {
+ if ($myInclude->getLine() === $line
+ && $myInclude->getColumn() === $column
+ && $myInclude->getSourceFile() === $sourceFile) {
+ return $myInclude;
+ }
+ }
+
+ return null;
+ }
+
+ public function getValidatorByName($myFunc, $myClass)
+ {
+ foreach ($this->validators as $myValidator) {
+ if ($myValidator->getName() === $myFunc->getName()) {
+ if (!$myValidator->isInstance() && !$myFunc->isType(MyFunction::TYPE_FUNC_METHOD)) {
+ return $myValidator;
+ }
+
+ if ($myValidator->isInstance() && $myFunc->isType(MyFunction::TYPE_FUNC_METHOD)) {
+ if (!is_null($myClass) &&
+ ($myValidator->getInstanceOfName() === $myClass->getName()
+ || $myValidator->getInstanceOfName() === $myClass->getExtendsOf())) {
+ return $myValidator;
+ }
+ }
+ }
+ }
+
+ return null;
+ }
+
+ public function getSanitizerByName($myFunc, $myClass)
+ {
+ foreach ($this->sanitizers as $mySanitizer) {
+ if ($mySanitizer->getName() === $myFunc->getName()) {
+ if (!$mySanitizer->isInstance() && !$myFunc->isType(MyFunction::TYPE_FUNC_METHOD)) {
+ return $mySanitizer;
+ }
+
+ if ($mySanitizer->isInstance() && $myFunc->isType(MyFunction::TYPE_FUNC_METHOD)) {
+ if (!is_null($myClass) &&
+ ($mySanitizer->getInstanceOfName() === $myClass->getName()
+ || $mySanitizer->getInstanceOfName() === $myClass->getExtendsOf())) {
+ return $mySanitizer;
+ }
+ }
+ }
+ }
+
+ return null;
+ }
+
+ public function getSinkByName($myFunc, $myClass)
+ {
+ foreach ($this->sinks as $mySink) {
+ if ($mySink->getName() === $myFunc->getName()) {
+ if (!$mySink->isInstance() && !$myFunc->isType(MyFunction::TYPE_FUNC_METHOD)) {
+ return $mySink;
+ }
+
+ if ($mySink->isInstance() && $myFunc->isType(MyFunction::TYPE_FUNC_METHOD)) {
+ if (!is_null($myClass)
+ && ($mySink->getInstanceOfName() === $myClass->getName()
+ || $mySink->getInstanceOfName() === $myClass->getExtendsOf())) {
+ return $mySink;
+ }
+ }
+ }
+ }
+
+ return null;
+ }
+
+ public function getSourceArrayByName(
+ $myFuncOrDef,
+ $arrValue = false
+ ) {
+ foreach ($this->sources as $mySource) {
+ if ($mySource->getName() === $myFuncOrDef->getName()
+ && $mySource->getIsArray()
+ && $arrValue === false) {
+ return $mySource;
+ }
+ }
+
+ return null;
+ }
+
+ public function getSourceByName($myFuncOrDef, $myClass, $dimArray = null)
+ {
+ foreach ($this->sources as $mySource) {
+ if ($mySource->getName() === $myFuncOrDef->getName()) {
+ if (!$mySource->isInstance()
+ && empty($mySource->getArrayValue())
+ && !$myFuncOrDef->isType(MyFunction::TYPE_FUNC_METHOD)
+ && !$myFuncOrDef->isType(MyDefinition::TYPE_PROPERTY)) {
+ return $mySource;
+ }
+
+ if ($mySource->isInstance()
+ && ($myFuncOrDef->isType(MyFunction::TYPE_FUNC_METHOD)
+ || $myFuncOrDef->isType(MyDefinition::TYPE_PROPERTY))) {
+ if (!is_null($myClass) &&
+ ($mySource->getInstanceOfName() === $myClass->getName()
+ || $mySource->getInstanceOfName() === $myClass->getExtendsOf())) {
+ return $mySource;
+ }
+ }
+
+ if ($mySource->getIsArray()
+ && !empty($mySource->getArrayValue())
+ && $mySource->isAnArrayValue($dimArray)) {
+ return $mySource;
+ }
+ }
+ }
+
+ return null;
+ }
+
+ public function getFalsePositiveById($id)
+ {
+ foreach ($this->falsePositivesAnalysis as $falsePositive) {
+ if ($falsePositive->getId() === $id) {
+ return $falsePositive;
+ }
+ }
+
+ return null;
+ }
+
+ public function readDir($dir, &$files)
+ {
+ if (is_dir($dir)) {
+ $filesanddirs = @scandir($dir);
+
+ if ($filesanddirs !== false) {
+ foreach ($filesanddirs as $filedir) {
+ if ($filedir !== '.' && $filedir !== "..") {
+ $folderorfile = $dir.DIRECTORY_SEPARATOR.$filedir;
+
+ if (is_dir($folderorfile)) {
+ $this->readDir($folderorfile, $files);
+ } else {
+ $files[] = $folderorfile;
+ }
+ }
+ }
+ }
+ }
+ }
+
+ public function readFrameworks()
+ {
+ $frameworksConfigurationFiles = [];
+ $frameworksDir = __DIR__."/../../uptodate_data/php/frameworks/";
+
+ $this->readDir($frameworksDir, $frameworksConfigurationFiles);
+
+ foreach ($frameworksConfigurationFiles as $configFile) {
+ $basenameConfigFile = basename($configFile);
+ switch ($basenameConfigFile) {
+ case "sanitizers.json":
+ if (!$this->overwrittenSanitizers) {
+ $this->readSanitizersFile($configFile);
+ }
+ break;
+ case "validators.json":
+ if (!$this->overwrittenValidators) {
+ $this->readValidatorsFile($configFile);
+ }
+ break;
+ case "sinks.json":
+ if (!$this->overwrittenSinks) {
+ $this->readSinksFile($configFile);
+ }
+ break;
+ case "sources.json":
+ if (!$this->overwrittenSources) {
+ $this->readSourcesFile($configFile);
+ }
+ break;
+ case "rules.json":
+ if (!$this->overwrittenCustomRules) {
+ $this->readCustomFile($configFile);
+ }
+ break;
+ default:
+ break;
+ }
+ }
+ }
+
+ public function readDefaultSanitizers()
+ {
+ if (!$this->overwrittenSanitizers) {
+ $this->readSanitizersFile(__DIR__."/../../uptodate_data/php/sanitizers.json");
+ $this->readSanitizersFile(__DIR__."/../../uptodate_data/js/sanitizers.json");
+ }
+ }
+
+ public function readSanitizersFile($file)
+ {
+ if (!is_null($file)) {
+ if (!file_exists($file)) {
+ Utils::printError(Lang::FILE_DOESNT_EXIST." (".Utils::encodeCharacters($file).")");
+ }
+
+ $outputJson = file_get_contents($file);
+
+ $parsedJson = json_decode($outputJson);
+
+ if (isset($parsedJson-> {'sanitizers'})) {
+ $sanitizers = $parsedJson-> {'sanitizers'};
+ foreach ($sanitizers as $sanitizer) {
+ if (!isset($sanitizer-> {'name'})
+ || !isset($sanitizer-> {'language'})) {
+ Utils::printError(Lang::FORMAT_SANITIZERS);
+ }
+
+ $name = $sanitizer-> {'name'};
+ $language = $sanitizer-> {'language'};
+
+ $prevent = [];
+ if (isset($sanitizer-> {'prevent'})) {
+ $prevent = $sanitizer-> {'prevent'};
+ }
+
+ $mySanitizer = new MySanitizer($name, $language, $prevent);
+
+ if (isset($sanitizer-> {'instanceof'})) {
+ $mySanitizer->setIsInstance(true);
+ $mySanitizer->setInstanceOfName($sanitizer-> {'instanceof'});
+ }
+
+ if (isset($sanitizer-> {'parameters'})) {
+ $parameters = $sanitizer-> {'parameters'};
+ foreach ($parameters as $parameter) {
+ if (isset($parameter-> {'id'}) && isset($parameter-> {'conditions'})) {
+ if (is_int($parameter-> {'id'})
+ && ($parameter-> {'conditions'} === "equals"
+ || $parameter-> {'conditions'} === "notequals"
+ || $parameter-> {'conditions'} === "taint"
+ || $parameter-> {'conditions'} === "sanitize")) {
+ if ($parameter-> {'conditions'} === "equals"
+ || $parameter-> {'conditions'} === "notequals") {
+ if (isset($parameter-> {'values'})) {
+ $mySanitizer->addParameter(
+ $parameter-> {'id'},
+ $parameter-> {'conditions'},
+ $parameter-> {'values'}
+ );
+ }
+ } else {
+ $mySanitizer->addParameter(
+ $parameter-> {'id'},
+ $parameter-> {'conditions'}
+ );
+ }
+ }
+ }
+ }
+
+ $mySanitizer->setHasParameters(true);
+ }
+
+ if (!in_array($mySanitizer, $this->sanitizers, true)) {
+ $this->sanitizers[] = $mySanitizer;
+ }
+ }
+ } else {
+ Utils::printError(Lang::FORMAT_SANITIZERS);
+ }
+ }
+ }
+
+ public function readDefaultSinks()
+ {
+ if (!$this->overwrittenSinks) {
+ $this->readSinksFile(__DIR__."/../../uptodate_data/php/sinks.json");
+ $this->readSinksFile(__DIR__."/../../uptodate_data/js/sinks.json");
+ }
+ }
+
+ public function readSinksFile($file)
+ {
+ if (!is_null($file)) {
+ if (!file_exists($file)) {
+ Utils::printError(Lang::FILE_DOESNT_EXIST." (".Utils::encodeCharacters($file).")");
+ }
+
+ $outputJson = file_get_contents($file);
+ $parsedJson = json_decode($outputJson);
+
+ if (isset($parsedJson-> {'sinks'})) {
+ $sinks = $parsedJson-> {'sinks'};
+ foreach ($sinks as $sink) {
+ if (!isset($sink-> {'name'})
+ || !isset($sink-> {'language'})
+ || !isset($sink-> {'attack'})
+ || !isset($sink-> {'cwe'})) {
+ Utils::printError(Lang::FORMAT_SINKS);
+ }
+
+ $name = $sink-> {'name'};
+ $language = $sink-> {'language'};
+ $attack = $sink-> {'attack'};
+ $cwe = $sink-> {'cwe'};
+
+ $mySink = new MySink($name, $language, $attack, $cwe);
+
+ if (isset($sink-> {'instanceof'})) {
+ $mySink->setIsInstance(true);
+ $mySink->setInstanceOfName($sink-> {'instanceof'});
+ }
+
+ if (isset($sink-> {'conditions'})) {
+ $mySink->addGlobalconditions($sink-> {'conditions'});
+ }
+
+ if (isset($sink-> {'parameters'})) {
+ $parameters = $sink-> {'parameters'};
+ foreach ($parameters as $parameter) {
+ if (isset($parameter-> {'id'}) && is_int($parameter-> {'id'})) {
+ if (isset($parameter-> {'conditions'})) {
+ $mySink->addParameter($parameter-> {'id'}, $parameter-> {'conditions'});
+ } else {
+ $mySink->addParameter($parameter-> {'id'});
+ }
+ }
+ }
+
+ $mySink->setHasParameters(true);
+ }
+
+ if (!in_array($mySink, $this->sinks, true)) {
+ $this->sinks[] = $mySink;
+ }
+ }
+ } else {
+ Utils::printError(Lang::FORMAT_SINKS);
+ }
+ }
+ }
+
+ public function readDefaultSources()
+ {
+ if (!$this->overwrittenSources) {
+ $this->readSourcesFile(__DIR__."/../../uptodate_data/php/sources.json");
+ $this->readSourcesFile(__DIR__."/../../uptodate_data/js/sources.json");
+ }
+ }
+
+ public function readSourcesFile($file)
+ {
+ if (!is_null($file)) {
+ if (!file_exists($file)) {
+ Utils::printError(Lang::FILE_DOESNT_EXIST." (".Utils::encodeCharacters($file).")");
+ }
+
+ $outputJson = file_get_contents($file);
+ $parsedJson = json_decode($outputJson);
+
+ if (isset($parsedJson-> {'sources'})) {
+ $sources = $parsedJson-> {'sources'};
+ foreach ($sources as $source) {
+ if (!isset($source-> {'name'})
+ || !isset($source-> {'language'})) {
+ Utils::printError(Lang::FORMAT_SOURCES);
+ }
+
+ $name = $source-> {'name'};
+ $language = $source-> {'language'};
+
+ $mySource = new MySource($name, $language);
+
+ if (isset($source-> {'is_function'}) && $source-> {'is_function'}) {
+ $mySource->setIsFunction(true);
+ }
+
+ if (isset($source-> {'is_arrayof_objects'}) && $source-> {'is_arrayof_objects'}) {
+ $mySource->setIsArrayOfObjects(true);
+ }
+
+ if (isset($source-> {'is_arrayof_arrays'}) && $source-> {'is_arrayof_arrays'}) {
+ $mySource->setIsArrayOfArrays(true);
+ }
+
+ if (isset($source-> {'is_array'}) && $source-> {'is_array'}) {
+ $mySource->setIsArray(true);
+ }
+
+ if (isset($source-> {'is_object'}) && $source-> {'is_object'}) {
+ $mySource->setIsObject(true);
+ }
+
+ if (isset($source-> {'array_index'}) && is_array($source-> {'array_index'})) {
+ $arr = [];
+ foreach ($source-> {'array_index'} as $array_index) {
+ $arr[] = $array_index;
+ }
+
+ $mySource->setArrayValue($arr);
+ }
+
+ if (isset($source-> {'instanceof'})) {
+ $mySource->setIsInstance(true);
+ $mySource->setInstanceOfName($source-> {'instanceof'});
+ }
+
+ if (isset($source-> {'return_array_index'})) {
+ $mySource->setReturnArray(true);
+ $mySource->setReturnArrayValue($source-> {'return_array_index'});
+ }
+
+ if (isset($source-> {'label'})) {
+ $label = MyDefinition::SECURITY_LOW;
+ if ($source-> {'label'} === "high") {
+ $label = MyDefinition::SECURITY_HIGH;
+ }
+
+ $mySource->setLabel($label);
+ }
+
+ if (isset($source-> {'parameters'})) {
+ $parameters = $source-> {'parameters'};
+ foreach ($parameters as $parameter) {
+ if (is_int($parameter-> {'id'})) {
+ $mySource->addParameter($parameter-> {'id'});
+
+ if (isset($parameter-> {'is_array'})
+ && $parameter-> {'is_array'}
+ && isset($parameter-> {'array_index'})) {
+ $mySource->addconditionsParameter(
+ $parameter-> {'id'},
+ MySource::CONDITION_ARRAY,
+ $parameter-> {'array_index'}
+ );
+ }
+ }
+ }
+
+ $mySource->setHasParameters(true);
+ }
+
+ if (!in_array($mySource, $this->sources, true)) {
+ $this->sources[] = $mySource;
+ }
+ }
+ } else {
+ Utils::printError(Lang::FORMAT_SOURCES);
+ }
+ }
+ }
+
+ public function readDefaultValidators()
+ {
+ if (!$this->overwrittenValidators) {
+ $this->readValidatorsFile(__DIR__."/../../uptodate_data/php/validators.json");
+ $this->readValidatorsFile(__DIR__."/../../uptodate_data/js/validators.json");
+ }
+ }
+
+ public function readValidatorsFile($file)
+ {
+ if (!is_null($file)) {
+ if (!file_exists($file)) {
+ Utils::printError(Lang::FILE_DOESNT_EXIST." (".Utils::encodeCharacters($file).")");
+ }
+
+ $outputJson = file_get_contents($file);
+ $parsedJson = json_decode($outputJson);
+
+ if (isset($parsedJson-> {'validators'})) {
+ $validators = $parsedJson-> {'validators'};
+ foreach ($validators as $validator) {
+ if (!isset($validator-> {'name'})
+ || !isset($validator-> {'language'})) {
+ Utils::printError(Lang::FORMAT_VALIDATORS);
+ }
+
+ $name = $validator-> {'name'};
+ $language = $validator-> {'language'};
+
+ $validWhenReturning = true;
+ if (isset($validator-> {'valid_when_returning'})) {
+ $validWhenReturning = $validator-> {'valid_when_returning'};
+ }
+
+ $myValidator = new MyValidator($name, $language, $validWhenReturning);
+
+ if (isset($validator-> {'parameters'})) {
+ $parameters = $validator-> {'parameters'};
+ foreach ($parameters as $parameter) {
+ if (isset($parameter-> {'id'}) && isset($parameter-> {'conditions'})) {
+ if (is_int($parameter-> {'id'})
+ && ($parameter-> {'conditions'} === "not_tainted"
+ || $parameter-> {'conditions'} === "array_not_tainted"
+ || $parameter-> {'conditions'} === "valid"
+ || $parameter-> {'conditions'} === "equals"
+ || $parameter-> {'conditions'} === "notequals")) {
+ if ($parameter-> {'conditions'} === "equals"
+ || $parameter-> {'conditions'} === "notequals") {
+ if (isset($parameter-> {'values'})) {
+ $myValidator->addParameter(
+ $parameter-> {'id'},
+ $parameter-> {'conditions'},
+ $parameter-> {'values'}
+ );
+ }
+ } else {
+ $myValidator->addParameter(
+ $parameter-> {'id'},
+ $parameter-> {'conditions'}
+ );
+ }
+ }
+ }
+ }
+
+ $myValidator->setHasParameters(true);
+ }
+
+ if (isset($validator-> {'instanceof'})) {
+ $myValidator->setIsInstance(true);
+ $myValidator->setInstanceOfName($validator-> {'instanceof'});
+ }
+
+ if (!in_array($myValidator, $this->validators, true)) {
+ $this->validators[] = $myValidator;
+ }
+ }
+ } else {
+ Utils::printError(Lang::FORMAT_VALIDATORS);
+ }
+ }
+ }
+
+ public function readDefaultCustomRules()
+ {
+ if (!$this->overwrittenCustomRules) {
+ $this->readCustomFile(__DIR__."/../../uptodate_data/php/rules.json");
+ $this->readCustomFile(__DIR__."/../../uptodate_data/js/rules.json");
+ }
+ }
+
+ public function readCustomFile($file)
+ {
+ if (!is_null($file)) {
+ if (!file_exists($file)) {
+ Utils::printError(
+ Lang::FILE_DOESNT_EXIST." (".Utils::encodeCharacters($file).")"
+ );
+ }
+
+ $outputJson = file_get_contents($file);
+ $parsedJson = json_decode($outputJson);
+
+ if (isset($parsedJson-> {'custom_rules'})) {
+ $customRules = $parsedJson-> {'custom_rules'};
+ foreach ($customRules as $customRule) {
+ if (isset($customRule-> {'description'})) {
+ $myCustom = new MyCustomRule($customRule-> {'description'});
+
+ if (!isset($customRule-> {'cwe'})) {
+ $customRule-> {'cwe'} = "";
+ }
+
+ if (!isset($customRule-> {'attack'})) {
+ $customRule-> {'attack'} = "";
+ }
+
+ $myCustom->setCwe($customRule-> {'cwe'});
+ $myCustom->setAttack($customRule-> {'attack'});
+ if (isset($customRule-> {'extra'})) {
+ $myCustom->setExtra($customRule-> {'extra'});
+ }
+
+ if (isset($customRule-> {'sequence'}) && isset($customRule-> {'action'})) {
+ $myCustom->setType(MyCustomRule::TYPE_SEQUENCE);
+ $myCustom->setAction($customRule-> {'action'});
+
+ foreach ($customRule-> {'sequence'} as $seq) {
+ if (isset($seq-> {'function_name'}) && isset($seq-> {'language'})) {
+ $myCustomFunction = null;
+ $myCustomFunction = $myCustom->addToSequence(
+ $seq-> {'function_name'},
+ $seq-> {'language'}
+ );
+
+ if (isset($seq-> {'parameters'}) && !is_null($myCustomFunction)) {
+ $parameters = $seq-> {'parameters'};
+ foreach ($parameters as $parameter) {
+ if (isset($parameter-> {'id'}) && isset($parameter-> {'values'})) {
+ $validbydefault = false;
+ if (isset($parameter-> {'valid_by_default'})
+ && $parameter-> {'valid_by_default'}) {
+ $validbydefault = true;
+ }
+
+ $fixed = false;
+ if (isset($parameter-> {'fixed'})
+ && $parameter-> {'fixed'}) {
+ $fixed = true;
+ }
+
+ $sufficient = false;
+ if (isset($parameter-> {'sufficient'})
+ && $parameter-> {'sufficient'}) {
+ $sufficient = true;
+ }
+
+ $fail_if_not_verified = true;
+ if (isset($parameter-> {'fail_if_not_verified'})
+ && !$parameter-> {'fail_if_not_verified'}) {
+ $fail_if_not_verified = false;
+ }
+
+ $notequals = false;
+ if (isset($parameter-> {'notequals'})
+ && $parameter-> {'notequals'}) {
+ $notequals = true;
+ }
+
+ if (is_int($parameter-> {'id'})) {
+ $myCustomFunction->addParameter(
+ $parameter-> {'id'},
+ $validbydefault,
+ $fixed,
+ $sufficient,
+ $fail_if_not_verified,
+ $notequals,
+ $parameter-> {'values'}
+ );
+ }
+ }
+ }
+
+ $myCustomFunction->setHasParameters(true);
+ }
+
+ if (isset($seq-> {'instanceof'})) {
+ $myCustomFunction->setIsInstance(true);
+ $myCustomFunction->setInstanceOfName($seq-> {'instanceof'});
+ }
+ }
+ }
+ } elseif (isset($customRule-> {'name'})
+ && isset($customRule-> {'language'})
+ && isset($customRule-> {'action'})
+ && isset($customRule-> {'is_function'})
+ && $customRule-> {'is_function'} === true) {
+ $myCustom->setType(MyCustomRule::TYPE_FUNCTION);
+ $myCustom->setAction($customRule-> {'action'});
+ $myCustomFunction = $myCustom->addFunctionDefinition(
+ $customRule-> {'name'},
+ $customRule-> {'language'}
+ );
+
+ if (isset($customRule-> {'parameters'})) {
+ $parameters = $customRule-> {'parameters'};
+ foreach ($parameters as $parameter) {
+ if (isset($parameter-> {'id'}) && isset($parameter-> {'values'})) {
+ if (is_int($parameter-> {'id'})) {
+ $fixed = false;
+ if (isset($parameter-> {'fixed'})
+ && $parameter-> {'fixed'}) {
+ $fixed = true;
+ }
+
+ $validbydefault = false;
+ if (isset($parameter-> {'valid_by_default'})
+ && $parameter-> {'valid_by_default'}) {
+ $validbydefault = true;
+ }
+
+ $sufficient = false;
+ if (isset($parameter-> {'sufficient'})
+ && $parameter-> {'sufficient'}) {
+ $sufficient = true;
+ }
+
+ $fail_if_not_verified = true;
+ if (isset($parameter-> {'fail_if_not_verified'})
+ && !$parameter-> {'fail_if_not_verified'}) {
+ $fail_if_not_verified = false;
+ }
+
+ $notequals = false;
+ if (isset($parameter-> {'notequals'})
+ && $parameter-> {'notequals'}) {
+ $notequals = true;
+ }
+
+ $myCustomFunction->addParameter(
+ $parameter-> {'id'},
+ $validbydefault,
+ $fixed,
+ $sufficient,
+ $fail_if_not_verified,
+ $notequals,
+ $parameter-> {'values'}
+ );
+ }
+ }
+ }
+
+ $myCustomFunction->setHasParameters(true);
+ }
+
+ if (isset($customRule-> {'instanceof'})) {
+ $myCustomFunction->setIsInstance(true);
+ $myCustomFunction->setInstanceOfName($customRule-> {'instanceof'});
+ }
+
+ if (isset($customRule-> {'min_nb_args'})) {
+ $myCustomFunction->setMinNbArgs($customRule-> {'min_nb_args'});
+ }
+
+ if (isset($customRule-> {'max_nb_args'})) {
+ $myCustomFunction->setMaxNbArgs($customRule-> {'max_nb_args'});
+ }
+ } elseif (isset($customRule-> {'name'})
+ && isset($customRule-> {'language'})
+ && isset($customRule-> {'action'})
+ && (!isset($customRule-> {'is_function'})
+ || $customRule-> {'is_function'} !== true)) {
+ $myCustom->setType(MyCustomRule::TYPE_VARIABLE);
+ $myCustom->setAction($customRule-> {'action'});
+ $myCustomVariable = $myCustom->addVariableDefinition(
+ $customRule-> {'name'},
+ $customRule-> {'language'}
+ );
+
+ if (isset($customRule-> {'instanceof'})) {
+ $myCustomVariable->setIsInstance(true);
+ $myCustomVariable->setInstanceOfName($customRule-> {'instanceof'});
+ }
+ }
+
+ if (!in_array($myCustom, $this->customRules, true)) {
+ $this->customRules[] = $myCustom;
+ }
+ }
+ }
+ }
+ }
+ }
+
+ public function readFalsePositives($falsePositives)
+ {
+ if (!is_null($falsePositives)) {
+ if (is_string($falsePositives)) {
+ $this->readFalsePositivesFile($falsePositives);
+ } elseif (is_array($falsePositives)) {
+ foreach ($falsePositives as $falsePositive) {
+ if (!isset($falsePositive["vuln_id"])) {
+ Utils::printError(Lang::FORMAT_FALSE_POSITIVES);
+ }
+
+ $vulnId = $falsePositive["vuln_id"];
+
+ $myVuln = new MyVuln($vulnId);
+
+ if (!in_array($myVuln, $this->falsePositivesAnalysis, true)) {
+ $this->falsePositivesAnalysis[] = $myVuln;
+ }
+ }
+ } else {
+ Utils::printError(Lang::FORMAT_FALSE_POSITIVES);
+ }
+ }
+ }
+
+ public function readFalsePositivesFile($file)
+ {
+ if (!is_null($file)) {
+ if (!file_exists($file)) {
+ Utils::printError(
+ Lang::FILE_DOESNT_EXIST." (".Utils::encodeCharacters($file).")"
+ );
+ }
+
+ $outputJson = file_get_contents($file);
+ $parsedJson = json_decode($outputJson);
+
+ if (isset($parsedJson-> {'false_positives'})) {
+ $falsePositives = $parsedJson-> {'false_positives'};
+ foreach ($falsePositives as $falsePositive) {
+ if (!isset($falsePositive-> {'vuln_id'})) {
+ Utils::printError(Lang::FORMAT_FALSE_POSITIVES);
+ }
+
+ $vulnId = $falsePositive-> {'vuln_id'};
+
+ $myVuln = new MyVuln($vulnId);
+ if (!in_array($myVuln, $this->falsePositivesAnalysis, true)) {
+ $this->falsePositivesAnalysis[] = $myVuln;
+ }
+ }
+ } else {
+ Utils::printError(Lang::FORMAT_FALSE_POSITIVES);
+ }
+ }
+ }
+
+ public function readExcludesFile($file)
+ {
+ if (!is_null($file)) {
+ if (!file_exists($file)) {
+ Utils::printError(
+ Lang::FILE_DOESNT_EXIST." (".Utils::encodeCharacters($file).")"
+ );
+ }
+
+ $outputJson = file_get_contents($file);
+ $parsedJson = json_decode($outputJson);
+
+ if (isset($parsedJson->{'exclusions'}) && is_array($parsedJson->{'exclusions'})) {
+ foreach ($parsedJson->{'exclusions'} as $excludeFile) {
+ if (is_string($excludeFile) && !in_array($excludeFile, $this->excludesFilesAnalysis, true)) {
+ $this->excludesFilesAnalysis[] = $excludeFile;
+ }
+ }
+ }
+ }
+ }
+
+ public function readIncludesFile($file)
+ {
+ if (!is_null($file)) {
+ if (!file_exists($file)) {
+ Utils::printError(
+ Lang::FILE_DOESNT_EXIST." (".Utils::encodeCharacters($file).")"
+ );
+ }
+
+ $outputJson = file_get_contents($file);
+ $parsedJson = json_decode($outputJson);
+
+ if (isset($parsedJson->{'inclusions'}) && is_array($parsedJson->{'inclusions'})) {
+ foreach ($parsedJson->{'inclusions'} as $includeFile) {
+ if (is_string($includeFile) && !in_array($includeFile, $this->includesFilesAnalysis, true)) {
+ $this->includesFilesAnalysis[] = $includeFile;
+ }
+ }
+ }
+ }
+ }
+}
diff --git a/package/src/progpilot/Inputs/MySource.php b/package/src/progpilot/Inputs/MySource.php
index 38ecd5f3..04570831 100644
--- a/package/src/progpilot/Inputs/MySource.php
+++ b/package/src/progpilot/Inputs/MySource.php
@@ -15,6 +15,8 @@
class MySource extends MySpecify
{
private $isObject;
+ private $isArrayOfObjects;
+ private $isArrayOfArrays;
private $isArray;
private $isFunction;
private $arrayValue;
@@ -32,10 +34,12 @@ public function __construct($name, $language)
parent::__construct($name, $language);
$this->isObject = false;
+ $this->isArrayOfObjects = false;
+ $this->isArrayOfArrays = false;
$this->isFunction = false;
$this->returnArrayValue = null;
$this->isReturnArray = false;
- $this->arrayValue = null;
+ $this->arrayValue = [];
$this->isArray = false;
$this->hasParameters = false;
$this->parameters = [];
@@ -83,6 +87,26 @@ public function setIsObject($isObject)
$this->isObject = $isObject;
}
+ public function getIsArrayOfObjects()
+ {
+ return $this->isArrayOfObjects;
+ }
+
+ public function setIsArrayOfObjects($isArrayOfObjects)
+ {
+ $this->isArrayOfObjects = $isArrayOfObjects;
+ }
+
+ public function getIsArrayOfArrays()
+ {
+ return $this->isArrayOfArrays;
+ }
+
+ public function setIsArrayOfArrays($isArrayOfArrays)
+ {
+ $this->isArrayOfArrays = $isArrayOfArrays;
+ }
+
public function getIsArray()
{
return $this->isArray;
@@ -93,6 +117,15 @@ public function setIsArray($isArray)
$this->isArray = $isArray;
}
+ public function isAnArrayValue($arr)
+ {
+ if (in_array($arr, $this->arrayValue, true)) {
+ return true;
+ }
+
+ return false;
+ }
+
public function getArrayValue()
{
return $this->arrayValue;
diff --git a/package/src/progpilot/Inputs/MyValidator.php b/package/src/progpilot/Inputs/MyValidator.php
index d3163c41..0a82766b 100644
--- a/package/src/progpilot/Inputs/MyValidator.php
+++ b/package/src/progpilot/Inputs/MyValidator.php
@@ -14,13 +14,25 @@ class MyValidator extends MySpecify
{
private $parameters;
private $hasParameters;
+ private $validWhenReturning;
- public function __construct($name, $language)
+ public function __construct($name, $language, $validWhenReturning)
{
parent::__construct($name, $language);
$this->hasParameters = false;
$this->parameters = [];
+ $this->validWhenReturning = $validWhenReturning;
+ }
+
+ public function getValidWhenReturning()
+ {
+ return $this->validWhenReturning;
+ }
+
+ public function setValidWhenReturning($validWhenReturning, $validwhenreturning, $notboolean)
+ {
+ $this->validWhenReturning = $validWhenReturning;
}
public function addParameter($parameter, $conditions, $values = null)
@@ -51,7 +63,6 @@ public function getParameterValues($i)
{
foreach ($this->parameters as $parameter) {
$index = $parameter[0];
- $conditions = $parameter[1];
$values = $parameter[2];
if ($index === $i) {
@@ -66,7 +77,6 @@ public function isParameter($i)
{
foreach ($this->parameters as $parameter) {
$index = $parameter[0];
- $conditions = $parameter[1];
if ($index === $i) {
return true;
diff --git a/package/src/progpilot/Lang.php b/package/src/progpilot/Lang.php
index b4520c66..bd5c2e2e 100644
--- a/package/src/progpilot/Lang.php
+++ b/package/src/progpilot/Lang.php
@@ -70,19 +70,27 @@ class Lang
Lang::GLOBAL_ERROR.
Lang::GLOBAL_CHECK_CONFIG.
"Unable to parse the YAML file configuration";
+
+ const UNABLE_TO_CREATE_WORKSPACE =
+ Lang::GLOBAL_ERROR.
+ "Unable to create the workspace directory, do you have the correct permissions on filesystem?";
const COMMAND_LINE_ARG =
"Usage of progpilot : php progpilot.phar [--configuration path_to_config_file.yml] ".
"[files and folders (file1.php file2.php ...)]";
+ const PARSER_ERROR = "Exception raised during parsing.\nMessage: ";
const PROGPILOT_ARG_DESC = "Progpilot a static analysis tool for security purposes";
const FILES_ARG_DESC = "Files to be analyzed";
const CONFIG_ARG_DESC = "Read configuration from config file";
const MAX_TIME_EXCEEDED = "Max time execution exceeded (you can increase the value with ".
- "\$context->setLimitTime())";
+ "\$context->setMaxFileAnalysisDuration())";
const MAX_DEFS_EXCEEDED = "Max definitions exceeded (you can increase the value with ".
- "\$context->setLimitDefs())";
+ "\$context->setMaxDefinitions())";
const MAX_SIZE_EXCEEDED = "Max size of file exceeded (you can increase the value with ".
- "\$context->setLimitSize())";
+ "\$context->setMaxFileSize())";
+ const MAX_MEMORY_EXCEEDED = "Memory threshold reached, some references will be released ".
+ "(increasing execution time)";
+ const CANNOT_SET_MEMORY = "Cannot set php memory_limit to ";
const V8JS_NOTLOADED = "extension v8js must be loaded to analyze js files";
}
diff --git a/package/src/progpilot/Objects/MyAssertion.php b/package/src/progpilot/Objects/MyAssertion.php
index bc151f9f..ba4e42cb 100644
--- a/package/src/progpilot/Objects/MyAssertion.php
+++ b/package/src/progpilot/Objects/MyAssertion.php
@@ -12,10 +12,8 @@
class MyAssertion
{
- private $arr;
private $typeAssertion;
-
- private $myDef;
+ private $mydef;
public function __construct($myDef, $typeAssertion)
{
diff --git a/package/src/progpilot/Objects/MyBlock.php b/package/src/progpilot/Objects/MyBlock.php
index 5fa785b9..ec0f898b 100644
--- a/package/src/progpilot/Objects/MyBlock.php
+++ b/package/src/progpilot/Objects/MyBlock.php
@@ -12,77 +12,148 @@
class MyBlock extends MyOp
{
+ private $returnDefs;
private $startAddressBlock;
private $endAddressBlock;
- private $id;
- private $loop;
+ private $needUpdateOfState;
+ private $hasBeenAnalyzed;
+ private $loopParents;
+ public $children;
public $parents;
+ public $virtualParents;
public $assertions;
- public function __construct()
+ public function __construct($startLine, $startColumn)
{
- parent::__construct("", 0, 0);
+ parent::__construct("", $startLine, $startColumn);
+ $this->returnDefs = [];
$this->startAddressBlock = -1;
$this->endAddressBlock = -1;
$this->assertions = [];
$this->parents = [];
- $this->loop = false;
+ $this->loopParents = [];
+ $this->virtualParents = [];
+ $this->children = [];
+ $this->needUpdateOfState = true;
+ $this->hasBeenAnalyzed = false;
+ }
+
+ public function hasBeenAnalyzed()
+ {
+ return $this->hasBeenAnalyzed;
+ }
+
+ public function setHasBeenAnalyzed($hasBeenAnalyzed)
+ {
+ $this->hasBeenAnalyzed = $hasBeenAnalyzed;
+ }
+
+ public function setNeedUpdateOfState($update)
+ {
+ $this->needUpdateOfState = $update;
+ }
+
+ public function doNeedUpdateOfState()
+ {
+ return $this->needUpdateOfState;
+ }
+
+ public function addLoopParent($parent)
+ {
+ if (!in_array($parent, $this->loopParents, true)) {
+ $this->loopParents[] = $parent;
+ }
+ }
+
+ public function isLoopParent($parent)
+ {
+ return in_array($parent, $this->loopParents, true);
+ }
+
+ public function addVirtualParent($parent)
+ {
+ if (!in_array($parent, $this->virtualParents, true)) {
+ $this->virtualParents[] = $parent;
+ }
+ }
+
+ public function setVirtualParents($parents)
+ {
+ $this->virtualParents = $parents;
+ }
+
+ public function getVirtualParents()
+ {
+ return $this->virtualParents;
}
public function addParent($parent)
{
- $this->parents[] = $parent;
+ if (!in_array($parent, $this->parents, true)) {
+ $this->parents[] = $parent;
+ }
}
- public function addAssertion($myassertion)
+ public function getParents()
{
- $this->assertions[] = $myassertion;
+ return $this->parents;
}
- public function getAssertions()
+ public function addChild($child)
{
- return $this->assertions;
+ if (!in_array($child, $this->children, true)) {
+ $this->children[] = $child;
+ }
}
- public function setStartAddressBlock($address)
+ public function getChildren()
{
- $this->startAddressBlock = $address;
+ return $this->children;
}
- public function setEndAddressBlock($address)
+ public function addReturnDef($def)
{
- $this->endAddressBlock = $address;
+ if (!in_array($def, $this->returnDefs, true)) {
+ $this->returnDefs[] = $def;
+ }
}
- public function getStartAddressBlock()
+ public function getReturnDefs()
{
- return $this->startAddressBlock;
+ return $this->returnDefs;
}
- public function getEndAddressBlock()
+ public function addAssertion($myassertion)
{
- return $this->endAddressBlock;
+ if (!in_array($myassertion, $this->assertions, true)) {
+ $this->assertions[] = $myassertion;
+ }
}
- public function getId()
+ public function getAssertions()
{
- return $this->id;
+ return $this->assertions;
}
- public function setId($id)
+ public function setStartAddressBlock($address)
{
- $this->id = $id;
+ $this->startAddressBlock = $address;
}
- public function setIsLoop($loop)
+ public function setEndAddressBlock($address)
{
- $this->loop = $loop;
+ $this->endAddressBlock = $address;
}
- public function getIsLoop()
+ public function getStartAddressBlock()
{
- return $this->loop;
+ return $this->startAddressBlock;
+ }
+
+ public function getEndAddressBlock()
+ {
+ return $this->endAddressBlock;
}
}
diff --git a/package/src/progpilot/Objects/MyClass.php b/package/src/progpilot/Objects/MyClass.php
index bc31b3be..ca658472 100644
--- a/package/src/progpilot/Objects/MyClass.php
+++ b/package/src/progpilot/Objects/MyClass.php
@@ -12,9 +12,8 @@
class MyClass extends MyOp
{
- private $properties;
private $methods;
- private $objectIdThis;
+ private $properties;
private $extendsof;
public function __construct($varLine, $varColumn, $varName)
@@ -23,7 +22,6 @@ public function __construct($varLine, $varColumn, $varName)
$this->properties = [];
$this->methods = [];
- $this->objectIdThis = null;
$this->extendsof = null;
}
@@ -77,8 +75,8 @@ public function getProperties()
public function addProperty($property)
{
$exist = false;
- foreach ($this->properties as $propertyClass) {
- if ($propertyClass->property->getProperties() === $property->property->getProperties()) {
+ foreach ($this->properties as $defClass) {
+ if ($defClass->getName() === $property->getName()) {
$exist = true;
break;
}
@@ -89,28 +87,36 @@ public function addProperty($property)
}
}
- public function getProperty($name)
+ public function getProperty($context, $blockid, $instance, $name)
{
- foreach ($this->properties as $property) {
+ foreach ($this->properties as $def) {
// we don't check if it's STATIC property or NOT
- if ($property->property->getProperties()[0] === $name) {
- return $property;
+ if ($def->getName() === $name) {
+ return $def;
}
}
- return null;
- }
-
- public function setObjectIdThis($objectId)
- {
- $this->objectIdThis = $objectId;
- }
+ // we didn't find any propery but in this case php create automatically the property
+ // same code than in selectproperties resolvedef
+ $myProperty = new MyProperty(
+ $context->getCurrentBlock()->getId(),
+ $context->getCurrentMyFile(),
+ $instance->getLine(),
+ $instance->getColumn(),
+ $name
+ );
+ $myProperty->setVisibility("public");
+ $this->addProperty($myProperty);
+
+ $state = $instance->getState($blockid);
+ if (!is_null($state) && $state->isType(MyDefinition::ALL_PROPERTIES_TAINTED)) {
+ $myProperty->getCurrentState()->setTainted(true);
+ $myProperty->getCurrentState()->addTaintedByDef([$instance, $state]);
+ }
- public function getObjectIdThis()
- {
- return $this->objectIdThis;
+ return $myProperty;
}
-
+
public function getExtendsOf()
{
return $this->extendsof;
diff --git a/package/src/progpilot/Objects/MyDefOriginal.php b/package/src/progpilot/Objects/MyDefOriginal.php
new file mode 100644
index 00000000..06959b3e
--- /dev/null
+++ b/package/src/progpilot/Objects/MyDefOriginal.php
@@ -0,0 +1,43 @@
+def = null;
+ $this->arrayIndexAccessor = null;
+ }
+
+ public function getDef()
+ {
+ return $this->def;
+ }
+
+ public function setDef($myDef)
+ {
+ $this->def = $myDef;
+ }
+
+ public function getArrayIndexAccessor()
+ {
+ return $this->arrayIndexAccessor;
+ }
+
+ public function setArrayIndexAccessor($arrayIndexAccessor)
+ {
+ $this->arrayIndexAccessor = $arrayIndexAccessor;
+ }
+}
diff --git a/package/src/progpilot/Objects/MyDefState.php b/package/src/progpilot/Objects/MyDefState.php
new file mode 100644
index 00000000..1f128f1f
--- /dev/null
+++ b/package/src/progpilot/Objects/MyDefState.php
@@ -0,0 +1,320 @@
+isEmbeddedByChar = [];
+ $this->isTainted = false;
+ $this->taintedByDefs = [];
+ $this->label = MyDefinition::SECURITY_LOW;
+ $this->isSanitized = false;
+ $this->typeSanitized = [];
+ $this->lastKnownValue = [];
+ $this->cast = MyDefinition::CAST_NOT_SAFE;
+ $this->objectId = -1;
+ $this->arrayIndexes = [];
+ }
+
+ public function printStdout()
+ {
+ echo "cast = ".$this->getCast()."\n";
+
+ if ($this->isTainted()) {
+ echo "tainted = 1\n";
+
+ foreach ($this->taintedByDefs as $taintedByDef) {
+ echo "taintedByDef = '".$taintedByDef[0]->getId()."'\n";
+ }
+ }
+
+ echo "last_known_value :\n";
+ var_dump($this->lastKnownValue);
+ echo "is_embeddedbychar :\n";
+ var_dump($this->isEmbeddedByChar);
+ echo "isSanitized :\n";
+ var_dump($this->isSanitized);
+ echo "type_sanitized :\n";
+ var_dump($this->typeSanitized);
+ echo "objectid :\n";
+ var_dump($this->objectId);
+ echo "istypeinstance : '".$this->isType(MyDefinition::TYPE_INSTANCE)."'\n";
+ echo "allpropertiestainted : '".$this->isType(MyDefinition::ALL_PROPERTIES_TAINTED)."'\n";
+ echo "allarrayelementstainted : '".$this->isType(MyDefinition::ALL_ARRAY_ELEMENTS_TAINTED)."'\n";
+ echo "istypearray : '".$this->isType(MyDefinition::TYPE_ARRAY)."'\n";
+ echo "istypearrayarray : '".$this->isType(MyDefinition::TYPE_ARRAY_ARRAY)."'\n";
+
+ foreach ($this->arrayIndexes as $arrayIndex) {
+ echo "index :\n";
+ var_dump($arrayIndex->index);
+ echo "def :\n";
+ $arrayIndex->def->printStdout();
+ }
+ }
+
+ public function addTaintedByDef($taintedByDef)
+ {
+ if (!in_array($taintedByDef, $this->taintedByDefs, true)) {
+ $this->taintedByDefs[] = $taintedByDef;
+ }
+ }
+
+ public function getTaintedByDefs()
+ {
+ return $this->taintedByDefs;
+ }
+
+ public function setTaintedByDefs($defs)
+ {
+ $this->taintedByDefs = $defs;
+ }
+
+ public function updateIsEmbeddedByChars($chars)
+ {
+ foreach ($chars as $char => $value) {
+ $curChar = isset($this->isEmbeddedByChar[$char]) ? $this->isEmbeddedByChar[$char] : 0;
+ $this->isEmbeddedByChar[$char] = ($value + $curChar) % 2;
+ }
+ }
+
+ public function setIsEmbeddedByChars($chars)
+ {
+ foreach ($chars as $char => $value) {
+ $this->isEmbeddedByChar[$char] = $value % 2;
+ }
+ }
+
+ public function getIsEmbeddedByChars()
+ {
+ return $this->isEmbeddedByChar;
+ }
+
+ public function setEmbeddedByChar($value)
+ {
+ $this->isEmbeddedByChar = $value;
+ }
+
+ public function setIsEmbeddedByChar($char, $bool)
+ {
+ $this->isEmbeddedByChar[$char] = $bool;
+ }
+
+ public function getIsEmbeddedByChar($char)
+ {
+ if (isset($this->isEmbeddedByChar[$char])) {
+ return $this->isEmbeddedByChar[$char];
+ }
+
+ return false;
+ }
+
+ public function setLabel($label)
+ {
+ $this->label = $label;
+ }
+
+ public function getLabel()
+ {
+ return $this->label;
+ }
+
+ public function setCast($cast)
+ {
+ $this->cast = $cast;
+ }
+
+ public function getCast()
+ {
+ return $this->cast;
+ }
+
+ public function addLastKnownValue($value)
+ {
+ $value = rtrim(ltrim($value));
+
+ if (Common::validLastKnownValue($value)
+ && !in_array($value, $this->lastKnownValue, true)
+ && count($this->lastKnownValue) < 10) {
+ $this->lastKnownValue[] = $value;
+ }
+ }
+
+ public function getLastKnownValues()
+ {
+ return $this->lastKnownValue;
+ }
+
+ public function setSanitized($isSanitized)
+ {
+ $this->isSanitized = $isSanitized;
+ }
+
+ public function isSanitized()
+ {
+ return $this->isSanitized;
+ }
+
+ public function setTypeSanitized($typeSanitized)
+ {
+ $this->typeSanitized = $typeSanitized;
+ }
+
+ public function getTypeSanitized()
+ {
+ return $this->typeSanitized;
+ }
+
+ public function addTypeSanitized($typeSanitized)
+ {
+ if (!in_array($typeSanitized, $this->typeSanitized, true)) {
+ $this->typeSanitized[] = $typeSanitized;
+ }
+ }
+
+ public function isTypeSanitized($typeSanitized)
+ {
+ if (in_array($typeSanitized, $this->typeSanitized, true)) {
+ return true;
+ }
+
+ return false;
+ }
+
+ public function isTainted()
+ {
+ return $this->isTainted;
+ }
+
+ public function setTainted($tainted)
+ {
+ $this->isTainted = $tainted;
+ }
+
+ public function createDefArrayIndex($blockId, $myArrayDef, $arrayIndex)
+ {
+ $myDef = new MyDefinition(
+ $blockId,
+ $myArrayDef->getSourceMyFile(),
+ $myArrayDef->getLine(),
+ $myArrayDef->getColumn(),
+ "built-in-index-array"
+ );
+
+ $myDef->addType(MyDefinition::TYPE_ARRAY_ELEMENT);
+ $this->addArrayIndex($arrayIndex, $myDef);
+ $this->addType(MyDefinition::TYPE_ARRAY);
+ $ret[] = $myDef;
+
+ $existingState = $myArrayDef->getState($blockId);
+
+ if (!is_null($existingState) && $existingState->isType(MyDefinition::ALL_ARRAY_ELEMENTS_TAINTED)) {
+ $myDef->getCurrentState()->setTainted(true);
+ $myDef->getCurrentState()->addTaintedByDef([$myArrayDef, $myArrayDef->getCurrentState()]);
+ } elseif ($myArrayDef->getCurrentState()->isType(MyDefinition::ALL_ARRAY_ELEMENTS_TAINTED)) {
+ // data/source17.php
+ $myDef->getCurrentState()->setTainted(true);
+ $myDef->getCurrentState()->addTaintedByDef([$myArrayDef, $myArrayDef->getCurrentState()]);
+ }
+
+ return [true, $ret];
+ }
+
+ public function getOrCreateDefArrayIndex($blockId, $myArrayDef, $arrayIndex)
+ {
+ $ret = [];
+ $found = false;
+ for ($i = 0; $i < count($this->arrayIndexes); $i ++) {
+ if ($this->arrayIndexes[$i]->index === $arrayIndex) {
+ $found = true;
+ $ret[] = $this->arrayIndexes[$i]->def;
+ }
+ }
+
+ if ($found) {
+ return [false, $ret];
+ }
+
+ return $this->createDefArrayIndex($blockId, $myArrayDef, $arrayIndex);
+ }
+
+ public function isArrayIndexExists($arrayIndex)
+ {
+ for ($i = 0; $i < count($this->arrayIndexes); $i ++) {
+ if ($this->arrayIndexes[$i]->index === $arrayIndex) {
+ return true;
+ }
+ }
+
+ return false;
+ }
+
+ public function addArrayIndex($arrayIndex, $def)
+ {
+ if (!$this->isArrayIndexExists($arrayIndex)
+ && count($this->arrayIndexes) < 100) {
+ $ele = new \stdClass;
+ $ele->index = $arrayIndex;
+ $ele->def = $def;
+ $this->arrayIndexes[] = $ele;
+
+ return true;
+ }
+
+ return false;
+ }
+
+ public function overwriteArrayIndex($arrayIndex, $def)
+ {
+ for ($i = 0; $i < count($this->arrayIndexes); $i ++) {
+ if ($this->arrayIndexes[$i]->index === $arrayIndex) {
+ $this->arrayIndexes[$i]->def = $def;
+ break;
+ }
+ }
+ }
+
+ public function setArrayIndexes($arrayIndexes)
+ {
+ $this->arrayIndexes = $arrayIndexes;
+ }
+
+ public function getArrayIndexes()
+ {
+ return $this->arrayIndexes;
+ }
+
+ public function getObjectId()
+ {
+ return $this->objectId;
+ }
+
+ public function setObjectId($objectId)
+ {
+ $this->objectId = $objectId;
+ }
+}
diff --git a/package/src/progpilot/Objects/MyDefinition.php b/package/src/progpilot/Objects/MyDefinition.php
index bc39f125..66f6a4e5 100644
--- a/package/src/progpilot/Objects/MyDefinition.php
+++ b/package/src/progpilot/Objects/MyDefinition.php
@@ -15,378 +15,292 @@
use progpilot\Utils;
use progpilot\Transformations\Php\Common;
+use progpilot\Helpers\State as HelpersState;
+
class MyDefinition extends MyOp
{
- const CAST_SAFE = "cast_int";
- const CAST_NOT_SAFE = "cast_string";
+ const CAST_SAFE = 1;
+ const CAST_NOT_SAFE = 2;
const TYPE_PROPERTY = 0x0001;
const TYPE_ARRAY = 0x0002;
const TYPE_CONSTANTE = 0x0004;
const TYPE_REFERENCE = 0x0008;
const TYPE_ARRAY_REFERENCE = 0x0010;
- const TYPE_COPY_ARRAY = 0x0020;
+ const TYPE_ARRAY_ELEMENT = 0x0020;
const TYPE_INSTANCE = 0x0040;
const TYPE_GLOBAL = 0x0080;
const TYPE_STATIC_PROPERTY = 0x0100;
+ const ALL_PROPERTIES_TAINTED = 0x0200;
+ const ALL_ARRAY_ELEMENTS_TAINTED = 0x0400;
+ const TYPE_LITERAL = 0x0800;
+ const TYPE_ITERATOR = 0x1000;
+ const TYPE_ARRAY_ARRAY = 0x2000;
const SECURITY_HIGH = 1;
const SECURITY_LOW = 2;
- private $isCopyArray;
- private $objectId;
private $blockId;
- private $isTainted;
- private $isConst;
- private $isRef;
- private $refName;
- private $isRefArr;
- private $refArrValue;
- private $theArrays;
- private $theExpr;
- private $theExprs;
- private $taintedByExpr;
- private $instance;
private $className;
- private $isSanitized;
- private $typeSanitized;
- private $valueFromDef;
- private $cast;
- private $isProperty;
- private $isInstance;
- private $isEmbeddedByChar;
- private $label;
+ private $returnedFromValidator;
+ private $validWhenReturning;
+ private $validNotBoolean;
+ private $paramToArg;
+ private $argToParam;
+ private $isReturnDef;
+ private $refs;
+ private $iteratorValues;
- public $property;
+ public $original;
+ public $states;
- public function __construct($varLine, $varColumn, $varName)
+ public function __construct($blockId, $myFile, $varLine, $varColumn, $varName)
{
parent::__construct($varName, $varLine, $varColumn);
- $this->isEmbeddedByChar = [];
-
- $this->isCopyArray = false;
- $this->valueFromDef = null;
-
- $this->objectId = -1;
- $this->blockId = -1;
- $this->isTainted = false;
- $this->isConst = false;
- $this->isRef = false;
- $this->isRefArr = false;
- $this->refArrValue = null;
- $this->instance = false;
- $this->theArrays = [];
- $this->theExpr = null;
- $this->taintedByExpr = null;
+ $this->setSourceMyFile($myFile);
+ $this->blockId = $blockId;
$this->className = "";
- $this->label = MyDefinition::SECURITY_LOW;
-
- $this->isSanitized = false;
- $this->typeSanitized = [];
-
- $this->lastKnownValue = [];
-
- $this->property = new MyProperty;
- $this->cast = MyDefinition::CAST_NOT_SAFE;
+ $this->returnedFromValidator = false;
+ $this->validWhenReturning = false;
+ $this->validNotBoolean = false;
+ $this->paramToArg = null;
+ $this->argToParam = null;
+ $this->isReturnDef = null;
+ $this->refs = [];
+ $this->iteratorValues = [];
- $this->isProperty = false;
- $this->isInstance = false;
- }
+ $this->original = new MyDefOriginal;
+ $this->states = [];
+ $this->blocksIdsStates = [];
- public function __clone()
- {
- $this->property = clone $this->property;
+ // original state
+ $state = $this->createState();
+ $this->assignStateToBlockId($state->getId(), $blockId);
}
public function printStdout($context = null)
{
+ echo "_____________________ start def _____________________\n";
echo "def id ".$this->varId." :: \
name = ".htmlentities($this->getName(), ENT_QUOTES, 'UTF-8')." :: \
line = ".$this->getLine()." :: column = ".$this->getColumn()." :: \
- tainted = ".$this->isTainted()." :: \
- label = ".$this->getLabel()." :: \
ref = ".$this->isType(MyDefinition::TYPE_REFERENCE)." :: \
is_property = ".$this->isType(MyDefinition::TYPE_PROPERTY)." :: \
is_static_property = ".$this->isType(MyDefinition::TYPE_STATIC_PROPERTY)." :: \
- isInstance = ".$this->isType(MyDefinition::TYPE_INSTANCE)." :: \
+ is_type_array_element = ".$this->isType(MyDefinition::TYPE_ARRAY_ELEMENT)." :: \
+ isArray = ".$this->isType(MyDefinition::TYPE_ARRAY)." :: \
is_const = ".$this->isType(MyDefinition::TYPE_CONSTANTE)." :: \
- blockid = ".$this->getBlockId()." :: \
- cast = ".$this->getCast()."\n";
-
- echo "last_known_value :\n";
- var_dump($this->lastKnownValue);
-
- echo "is_embeddedbychar :\n";
- var_dump($this->isEmbeddedByChar);
- echo "type_sanitized :\n";
- var_dump($this->typeSanitized);
-
- if ($this->isType(MyDefinition::TYPE_ARRAY)) {
- echo "array index value :\n";
- var_dump($this->getArrayValue());
- }
-
- if ($this->getArrayValue() === "PROGPILOT_ALL_INDEX_TAINTED") {
- echo "array index value : PROGPILOT_ALL_INDEX_TAINTED\n";
- }
-
- if ($this->property->hasProperty("PROGPILOT_ALL_PROPERTIES_TAINTED")) {
- echo "property value : PROGPILOT_ALL_PROPERTIES_TAINTED\n";
+ is_iterator = ".$this->isType(MyDefinition::TYPE_ITERATOR)." :: \
+ is_return_def = ".$this->isReturnDef." :: \
+ blockid = ".$this->getBlockId()."\n";
+
+ if (!is_null($this->getParamToArg())) {
+ echo "it's a param (to arg possibility) start ===\n";
+ $this->getParamToArg()->printStdout();
+ echo "it's a param (to arg possibility) end ===\n";
}
- if ($this->isType(MyDefinition::TYPE_PROPERTY) || $this->isType(MyDefinition::TYPE_STATIC_PROPERTY)) {
- echo "property : ".Utils::printProperties("php", $this->property->getProperties())."\n";
- echo "class_name : ".htmlentities($this->getClassName(), ENT_QUOTES, 'UTF-8')."\n";
- echo "visibility : ".htmlentities($this->property->getVisibility(), ENT_QUOTES, 'UTF-8')."\n";
- }
+ $this->getSourceMyFile()->printStdout();
- if ($this->isType(MyDefinition::TYPE_INSTANCE)) {
- echo "instance : ".htmlentities($this->getClassName(), ENT_QUOTES, 'UTF-8')."\n";
- echo "object id : ".$this->getObjectId()."\n";
-
- if (!is_null($context)) {
- $tmpMyClass = $context->getObjects()->getMyClassFromObject($this->getObjectId());
- if (!is_null($tmpMyClass)) {
- echo "class of object : ".htmlentities($tmpMyClass->getName(), ENT_QUOTES, 'UTF-8')."\n";
- }
- }
+ foreach ($this->states as $id => $state) {
+ echo "state id '$id'\n";
+ echo "__________________ start state ________________________\n";
+ $state->printStdout();
+ echo "__________________ end state________________________\n";
}
- if ($this->isType(MyDefinition::TYPE_COPY_ARRAY)) {
- echo "copyarray start ================= count = ".count($this->getCopyArrays())."\n";
- foreach ($this->getCopyArrays() as $copyArray) {
- var_dump($copyArray[0]);
- }
- echo "copyarray end =================\n";
- }
- echo "__________________________________________\n\n\n";
+ echo "_____________________ states blocks associations _____________________\n\n\n";
+ var_dump($this->blocksIdsStates);
+ echo "_____________________ end def _____________________\n\n\n";
}
- public function setIsEmbeddedByChars($chars, $control)
+ public function unsetState($blockId)
{
- foreach ($chars as $char => $value) {
- if (!isset($this->isEmbeddedByChar[$char])) {
- $this->isEmbeddedByChar[$char] = $value;
- } else {
- if (!$value && !$control) {
- $this->isEmbeddedByChar[$char] = false;
- } elseif ($value) {
- $this->isEmbeddedByChar[$char] = true;
- }
- }
- }
- }
-
- public function getIsEmbeddedByChars()
- {
- return $this->isEmbeddedByChar;
- }
-
- public function setIsEmbeddedByChar($char, $bool)
- {
- $this->isEmbeddedByChar[$char] = $bool;
- }
-
- public function getIsEmbeddedByChar($char)
- {
- if (isset($this->isEmbeddedByChar[$char])) {
- return $this->isEmbeddedByChar[$char];
- }
-
- return false;
+ unset($this->blocksIdsStates[$blockId]);
}
- public function setLabel($label)
+ public function setStatesToBlocksIds($statesToBlocksIds)
{
- $this->label = $label;
+ $this->blocksIdsStates = $statesToBlocksIds;
}
- public function getLabel()
+ public function getStatesToBlocksIds()
{
- return $this->label;
+ return $this->blocksIdsStates;
}
- public function setCast($cast)
+ public function setStates($states)
{
- $this->cast = $cast;
+ $this->states = $states;
}
- public function getCast()
+ public function assignStateToBlockId($stateId, $blockId)
{
- return $this->cast;
- }
+ if (isset($this->blocksIdsStates[$blockId])
+ && $blockId !== $this->getBlockId()) {
+ $toRemove = true;
+ $overWrittentStateId = $this->blocksIdsStates[$blockId];
+ foreach ($this->blocksIdsStates as $keyBlockId => $valueStateId) {
+ if ($valueStateId === $overWrittentStateId
+ && $keyBlockId !== $blockId) {
+ $toRemove = false;
+ break;
+ }
+ }
- public function setValueFromDef($def)
- {
- $this->valueFromDef = $def;
- }
+ if ($toRemove) {
+ unset($this->states[$overWrittentStateId]);
+ }
+ }
- public function getValueFromDef()
- {
- return $this->valueFromDef;
+ $this->blocksIdsStates[$blockId] = $stateId;
}
- public function resetLastKnownValues()
+ public function createState()
{
- $this->lastKnownValue = [];
- }
+ $state = new MyDefState;
+ $this->states[$state->getId()] = $state;
- public function setLastKnownValues($values)
- {
- $this->lastKnownValue = $values;
+ return $state;
}
- public function setLastKnownValue($id, $value)
+ public function addState($newstate)
{
- $this->lastKnownValue[$id] = $value;
+ $this->states[$newstate->getId()] = $newstate;
}
- public function addLastKnownValue($value)
+ public function getCurrentState()
{
- $value = rtrim(ltrim($value));
-
- if (Common::validLastKnownValue($value) && !in_array($value, $this->lastKnownValue, true)) {
- $this->lastKnownValue[] = $value;
+ if (isset($this->blocksIdsStates[$this->blockId])) {
+ $stateId = $this->blocksIdsStates[$this->blockId];
+ if (isset($this->states[$stateId])) {
+ return $this->states[$stateId];
+ }
}
- }
- public function getLastKnownValues()
- {
- return $this->lastKnownValue;
+ return null;
}
- public function getClassName()
+ public function getNbStates()
{
- return $this->className;
+ return count($this->states);
}
- public function setClassName($className)
- {
- $this->className = $className;
- }
-
- public function getRefName()
+ public function getStates()
{
- return $this->refName;
+ return $this->states;
}
- public function setRefName($refname)
+ public function getState($blockId)
{
- $this->refName = $refname;
- }
+ if (isset($this->blocksIdsStates[$blockId])) {
+ $stateId = $this->blocksIdsStates[$blockId];
+ if (isset($this->states[$stateId])) {
+ return $this->states[$stateId];
+ }
+ }
- public function isTainted()
- {
- return $this->isTainted;
+ return null;
}
-
- public function setTainted($tainted)
+
+ public function setArgToParam($def)
{
- $this->isTainted = $tainted;
+ $this->argToParam = $def;
}
- public function setTaintedByExpr($expr)
+ public function getArgToParam()
{
- $this->taintedByExpr = $expr;
+ return $this->argToParam;
}
- public function getTaintedByExpr()
+ public function setParamToArg($def)
{
- return $this->taintedByExpr;
+ $this->paramToArg = $def;
}
- public function getRefArrValue()
+ public function getParamToArg()
{
- return $this->refArrValue;
+ return $this->paramToArg;
}
- public function setRefArrValue($arr)
+ public function setValidWhenReturning($value)
{
- $this->refArrValue = $arr;
+ $this->validWhenReturning = $value;
}
- public function getObjectId()
+ public function getValidWhenReturning()
{
- return $this->objectId;
+ return $this->validWhenReturning;
}
- public function setObjectId($objectId)
+ public function setValidNotBoolean($value)
{
- $this->objectId = $objectId;
+ $this->validNotBoolean = $value;
}
- public function getBlockId()
+ public function getValidNotBoolean()
{
- return $this->blockId;
+ return $this->validNotBoolean;
}
- public function setBlockId($blockId)
+ public function setReturnedFromValidator($value)
{
- $this->blockId = $blockId;
+ $this->returnedFromValidator = $value;
}
- public function addCopyArray($arr, $def)
+ public function getReturnedFromValidator()
{
- $val = [$arr, $def];
- if (!in_array($val, $this->theArrays, true)) {
- $this->theArrays[] = $val;
- }
+ return $this->returnedFromValidator;
}
- public function setCopyArrays($theArrays)
+ public function getClassName()
{
- $this->theArrays = $theArrays;
+ return $this->className;
}
- public function getCopyArrays()
+ public function setClassName($className)
{
- return $this->theArrays;
+ $this->className = $className;
}
- public function setExpr($myExpr)
+ public function getRefs()
{
- $this->theExpr = $myExpr;
+ return $this->refs;
}
- public function getExpr()
+ public function setRefs($refs)
{
- return $this->theExpr;
+ $this->refs = $refs;
}
- public function setSanitized($isSanitized)
+ public function getIteratorValues()
{
- $this->isSanitized = $isSanitized;
+ return $this->iteratorValues;
}
- public function isSanitized()
+ public function setIteratorValues($iteratorValues)
{
- return $this->isSanitized;
+ $this->iteratorValues = $iteratorValues;
}
- public function setTypeSanitized($typeSanitized)
+ public function getBlockId()
{
- $this->typeSanitized = $typeSanitized;
+ return $this->blockId;
}
- public function getTypeSanitized()
+ public function setBlockId($blockId)
{
- return $this->typeSanitized;
+ $this->blockId = $blockId;
}
- public function addTypeSanitized($typeSanitized)
+ public function isReturnDef()
{
- if (!in_array($typeSanitized, $this->typeSanitized, true)) {
- $this->typeSanitized[] = $typeSanitized;
- }
+ return $this->returnDef;
}
- public function isTypeSanitized($typeSanitized)
+ public function setReturnDef($returnDef)
{
- if (in_array($typeSanitized, $this->typeSanitized, true)) {
- return true;
- }
-
- return false;
+ $this->returnDef = $returnDef;
}
}
diff --git a/package/src/progpilot/Objects/MyExpr.php b/package/src/progpilot/Objects/MyExpr.php
deleted file mode 100644
index 7574c27a..00000000
--- a/package/src/progpilot/Objects/MyExpr.php
+++ /dev/null
@@ -1,122 +0,0 @@
-nbChars = [];
- $this->isConcat = false;
- $this->tainted = false;
- $this->assign = false;
- $this->assignIterator = false;
- $this->assignDef = null;
- $this->theDefs = [];
- }
-
- public function setNbChars($char, $nbChars)
- {
- $this->nbChars[$char] = $nbChars;
- }
-
- public function getNbChars($char)
- {
- if (isset($this->nbChars[$char])) {
- return $this->nbChars[$char];
- }
-
- return 0;
- }
-
- public function setIsConcat($concat)
- {
- $this->isConcat = $concat;
- }
-
- public function getIsConcat()
- {
- return $this->isConcat;
- }
-
- public function setTainted($tainted)
- {
- $this->tainted = $tainted;
- }
-
- public function isTainted()
- {
- foreach ($this->theDefs as $theDef) {
- if ($theDef->isTainted()) {
- return true;
- }
- }
- return false;
- }
-
- /* assignement utilisant cette expression */
- public function setAssignDef($def)
- {
- $this->assignDef = $def;
- }
-
- public function getAssignDef()
- {
- return $this->assignDef;
- }
-
- public function setAssignIterator($assignIterator)
- {
- $this->assignIterator = $assignIterator;
- }
-
- public function setAssign($assign)
- {
- $this->assign = $assign;
- }
-
- public function isAssign()
- {
- return $this->assign;
- }
-
- public function isAssignIterator()
- {
- return $this->assignIterator;
- }
-
- public function setDefs($defs)
- {
- $this->theDefs = $defs;
- }
-
- public function addDef($myDef)
- {
- if (!in_array($myDef, $this->theDefs, true)) {
- $this->theDefs[] = $myDef;
- }
- }
-
- public function getDefs()
- {
- return $this->theDefs;
- }
-}
diff --git a/package/src/progpilot/Objects/MyFile.php b/package/src/progpilot/Objects/MyFile.php
index a29b53f5..3ab9cc82 100644
--- a/package/src/progpilot/Objects/MyFile.php
+++ b/package/src/progpilot/Objects/MyFile.php
@@ -13,10 +13,16 @@
class MyFile extends MyOp
{
private $includedFromMyFile;
+ private $includedToMyFile;
- public function __construct($varName, $varLine, $varColumn)
+ public function setIncludedToMyfile($myFileTo)
{
- parent::__construct($varName, $varLine, $varColumn);
+ $this->includedToMyFile = $myFileTo;
+ }
+
+ public function getIncludedToMyfile()
+ {
+ return $this->includedToMyFile;
}
public function setIncludedFromMyfile($myFileFrom)
@@ -28,4 +34,19 @@ public function getIncludedFromMyfile()
{
return $this->includedFromMyFile;
}
+
+ public function printStdout($context = null)
+ {
+ echo "file ".$this->getName()."\n";
+ $includeFile = $this->getIncludedFromMyfile();
+ while (!is_null($includeFile)) {
+ echo "included from ".$includeFile->getName()."\n";
+ $includeFile = $includeFile->getIncludedFromMyfile();
+ }
+ $includeFile = $this->getIncludedToMyfile();
+ while (!is_null($includeFile)) {
+ echo "included to ".$includeFile->getName()."\n";
+ $includeFile = $includeFile->getIncludedToMyfile();
+ }
+ }
}
diff --git a/package/src/progpilot/Objects/MyFunction.php b/package/src/progpilot/Objects/MyFunction.php
index 3746cad3..7a80da2a 100644
--- a/package/src/progpilot/Objects/MyFunction.php
+++ b/package/src/progpilot/Objects/MyFunction.php
@@ -21,86 +21,141 @@ class MyFunction extends MyOp
const TYPE_FUNC_STATIC = 0x0002;
const TYPE_FUNC_METHOD = 0x0004;
+ private $lastLine;
+ private $lastColumn;
+ private $firstBlockId;
+ private $lastBlockIds;
+
private $nbParams;
private $params;
private $returnDefs;
+ private $initialReturnDefs;
private $defs;
+ private $opInformations;
private $blocks;
private $visibility;
private $myClass;
- private $instance;
private $blockId;
private $nameInstance;
private $thisDef;
- private $backDef;
-
- private $lastLine;
- private $lastColumn;
- private $lastBlockId;
+ private $instanceClassName;
- private $isAnalyzed;
- private $isDataAnalyzed;
+ private $thisHasBeenUpdated;
+ private $isVisited;
+ private $isVisitedFromInclude;
private $myCode;
- private $castReturn;
- public $property;
-
public function __construct($name)
{
parent::__construct($name, 0, 0);
+ $this->args = [];
$this->params = [];
+ $this->initialReturnDefs = [];
$this->returnDefs = [];
$this->visibility = "public";
- $this->myclass = null;
+ $this->myClass = null;
$this->nameInstance = null;
$this->thisDef = null;
- $this->backDef = null;
+ $this->instanceClassName = "";
$this->blockId = 0;
+ $this->firstBlockId = 0;
$this->nbParams = 0;
$this->lastLine = 0;
$this->lastColumn = 0;
- $this->lastBlockId = 0;
+ $this->lastBlockIds = [];
+ $this->lastExecutionTime = 0;
+ $this->startExecutionTime = 0;
+ $this->nbExecutions = 0;
- $this->isAnalyzed = false;
- $this->isDataAnalyzed = false;
+ $this->thisHasBeenUpdated = false;
+ $this->isVisited = false;
+ $this->isVisitedFromInclude = false;
+ $this->hasGlobalVariables = false;
- $this->property = new MyProperty;
$this->defs = new Definitions;
- $this->blocks = new \SplObjectStorage;
+ $this->opInformations = [];
+ $this->blocks = [];
$this->myCode = new \progpilot\Code\MyCode;
- $this->castReturn = MyDefinition::CAST_NOT_SAFE;
}
- public function __clone()
+ public function reset()
+ {
+ $this->opInformations = [];
+ }
+
+ public function setNbExecutions($nbExecutions)
+ {
+ $this->nbExecutions = $nbExecutions;
+ }
+
+ public function getNbExecutions()
+ {
+ return $this->nbExecutions;
+ }
+
+ public function setStartExecutionTime($startExecutionTime)
+ {
+ $this->startExecutionTime = $startExecutionTime;
+ }
+
+ public function getStartExecutionTime()
{
- $this->property = clone $this->property;
- $this->blocks = clone $this->blocks;
- $this->defs = clone $this->defs;
+ return $this->startExecutionTime;
}
- public function setIsDataAnalyzed($isDataAnalyzed)
+ public function setLastExecutionTime($lastExecutionTime)
{
- $this->isDataAnalyzed = $isDataAnalyzed;
+ $this->lastExecutionTime = $lastExecutionTime;
}
- public function isDataAnalyzed()
+ public function getLastExecutionTime()
{
- return $this->isDataAnalyzed;
+ return $this->lastExecutionTime;
}
- public function setIsAnalyzed($isAnalyzed)
+ public function setThisHasBeenUpdated($thisHasBeenUpdated)
{
- $this->isAnalyzed = $isAnalyzed;
+ $this->thisHasBeenUpdated = $thisHasBeenUpdated;
}
- public function isAnalyzed()
+ public function thisHasBeenUpdated()
{
- return $this->isAnalyzed;
+ return $this->thisHasBeenUpdated;
+ }
+
+ public function setHasGlobalVariables($hasGlobalVariables)
+ {
+ $this->hasGlobalVariables = $hasGlobalVariables;
+ }
+
+ public function hasGlobalVariables()
+ {
+ return $this->hasGlobalVariables;
+ }
+
+ public function setIsVisitedFromInclude($isVisited)
+ {
+ $this->isVisitedFromInclude = $isVisited;
+ }
+
+ public function isVisitedFromInclude()
+ {
+ return $this->isVisitedFromInclude;
+ }
+
+ public function setIsVisited($isVisited)
+ {
+ $this->isVisited = $isVisited;
+ }
+
+ public function isVisited()
+ {
+ return $this->isVisited;
}
public function setMyCode($myCode)
@@ -123,9 +178,21 @@ public function setLastColumn($lastColumn)
$this->lastColumn = $lastColumn;
}
- public function setLastBlockId($lastBlockId)
+ public function setLastBlockIds($lastBlockIds)
{
- $this->lastBlockId = $lastBlockId;
+ $this->lastBlockIds = $lastBlockIds;
+ }
+
+ public function getLastBlockIds()
+ {
+ return $this->lastBlockIds;
+ }
+
+ public function addLastBlockId($id)
+ {
+ if (!in_array($id, $this->lastBlockIds, true)) {
+ $this->lastBlockIds[] = $id;
+ }
}
public function getLastLine()
@@ -138,19 +205,14 @@ public function getLastColumn()
return $this->lastColumn;
}
- public function getLastBlockId()
- {
- return $this->lastBlockId;
- }
-
public function getMyClass()
{
- return $this->myclass;
+ return $this->myClass;
}
public function setMyClass($myClass)
{
- $this->myclass = $myClass;
+ $this->myClass = $myClass;
}
public function getThisDef()
@@ -163,14 +225,14 @@ public function setThisDef($thisDef)
$this->thisDef = $thisDef;
}
- public function getBackDef()
+ public function getInstanceClassName()
{
- return $this->backDef;
+ return $this->instanceClassName;
}
- public function setBackDef($backDef)
+ public function setInstanceClassName($instanceClassName)
{
- $this->backDef = $backDef;
+ $this->instanceClassName = $instanceClassName;
}
public function getNameInstance()
@@ -203,6 +265,86 @@ public function getBlocks()
return $this->blocks;
}
+ public function getBlockById($id)
+ {
+ foreach ($this->blocks as $block) {
+ if ($block->getId() === $id) {
+ return $block;
+ }
+ }
+
+ return null;
+ }
+
+ public function setOpInformations($opInformations)
+ {
+ $this->opInformations = $opInformations;
+ }
+
+ public function getOpInformations()
+ {
+ return $this->opInformations;
+ }
+
+ public function getOpId($op)
+ {
+ if (is_object($op)) {
+ return spl_object_hash($op);
+ }
+
+ return null;
+ }
+
+ public function getNbsOpInformations()
+ {
+ $nb = 0;
+ if (is_array($this->opInformations)) {
+ foreach ($this->opInformations as $opInformation) {
+ if (isset($opInformation["chained_results"])) {
+ $nb += count($opInformation["chained_results"]);
+ }
+
+ if (isset($opInformation["valid_when_returning"])) {
+ $nb += 1;
+ }
+
+ if (isset($opInformation["condition_defs"])) {
+ $nb += count($opInformation["condition_defs"]);
+ }
+ }
+ }
+
+ return $nb;
+ }
+
+ public function cleanOpInformations()
+ {
+ $this->opInformations = null;
+ }
+
+ public function cleanOpInformation($id)
+ {
+ if (isset($this->opInformations[$id])) {
+ unset($this->opInformations[$id]);
+ }
+ }
+
+ public function getOpInformation($id)
+ {
+ if (isset($this->opInformations[$id])) {
+ return $this->opInformations[$id];
+ }
+
+ return null;
+ }
+
+ public function storeOpInformation($id, $infos)
+ {
+ if (!empty($id)) {
+ $this->opInformations[$id] = $infos;
+ }
+ }
+
public function setDefs($defs)
{
$this->defs = $defs;
@@ -213,6 +355,16 @@ public function getDefs()
return $this->defs;
}
+ public function getStatePastArguments()
+ {
+ return $this->args;
+ }
+
+ public function addStatePastArgument($nbparam, $state)
+ {
+ $this->args[$nbparam][] = $state;
+ }
+
public function addParam($param)
{
$this->params[] = $param;
@@ -252,23 +404,43 @@ public function addReturnDef($return_def)
$this->returnDefs[] = $return_def;
}
- public function getBlockId()
+ public function setReturnDefs($returndefs)
{
- return $this->blockId;
+ $this->returnDefs = $returndefs;
}
- public function setBlockId($blockId)
+ public function getInitialReturnDefs()
{
- $this->blockId = $blockId;
+ return $this->initialReturnDefs;
}
-
- public function setCastReturn($cast)
+
+ public function addInitialReturnDef($returnDef)
{
- $this->castReturn = $cast;
+ $this->initialReturnDefs[] = $returnDef;
}
-
- public function getCastReturn()
+
+ public function setInitialReturnDefs($returndefs)
{
- return $this->castReturn;
+ $this->initialReturnDefs = $returndefs;
+ }
+
+ public function getFirstBlockId()
+ {
+ return $this->firstBlockId;
+ }
+
+ public function setFirstBlockId($blockId)
+ {
+ $this->firstBlockId = $blockId;
+ }
+
+ public function getBlockId()
+ {
+ return $this->blockId;
+ }
+
+ public function setBlockId($blockId)
+ {
+ $this->blockId = $blockId;
}
}
diff --git a/package/src/progpilot/Objects/MyOp.php b/package/src/progpilot/Objects/MyOp.php
index ca8ba703..09634b27 100644
--- a/package/src/progpilot/Objects/MyOp.php
+++ b/package/src/progpilot/Objects/MyOp.php
@@ -19,7 +19,6 @@ class MyOp
private $varLine;
private $varColumn;
private $sourceMyFile;
- private $arrayValue;
private $flags;
@@ -27,7 +26,7 @@ class MyOp
const TYPE_LITERAL = "type_literal";
const TYPE_ARRAY = "type_array";
const TYPE_ARRAY_EXPR = "type_array_expr";
- const TYPE_COPY_ARRAY = "type_copy_array";
+ const TYPE_ARRAY_ELEMENT = "type_array_element";
const TYPE_METHOD = "type_method";
const TYPE_INSTANCE = "type_instance";
const TYPE_PROPERTY = "type_property";
@@ -44,17 +43,11 @@ public function __construct($varName, $varLine, $varColumn)
$this->varLine = $varLine;
$this->varColumn = $varColumn;
$this->sourceMyFile = null;
- $this->arrayValue = false;
}
- public function setId($varId)
- {
- $this->varId = $varId;
- }
-
- public function getId()
+ public function __clone()
{
- return $this->varId;
+ $this->varId = MyOp::$nbObjects ++;
}
public function setType($flags)
@@ -84,14 +77,14 @@ public function removeType($type)
}
}
- public function setArrayValue($arrayValue)
+ public function setId($varId)
{
- $this->arrayValue = $arrayValue;
+ $this->varId = $varId;
}
- public function getArrayValue()
+ public function getId()
{
- return $this->arrayValue;
+ return $this->varId;
}
public function getLine()
diff --git a/package/src/progpilot/Objects/MyProperty.php b/package/src/progpilot/Objects/MyProperty.php
index dda82dc3..6831c2c3 100644
--- a/package/src/progpilot/Objects/MyProperty.php
+++ b/package/src/progpilot/Objects/MyProperty.php
@@ -10,16 +10,16 @@
namespace progpilot\Objects;
-class MyProperty extends MyOp
+class MyProperty extends MyDefinition
{
private $visibility;
- private $properties;
- public function __construct()
+ public function __construct($blockId, $myFile, $varLine, $varColumn, $varName)
{
- parent::__construct("", 0, 0);
+ parent::__construct($blockId, $myFile, $varLine, $varColumn, $varName);
+
+ $this->addType(MyDefinition::TYPE_PROPERTY);
$this->visibility = "public";
- $this->properties = [];
}
public function setVisibility($visibility)
@@ -31,37 +31,4 @@ public function getVisibility()
{
return $this->visibility;
}
-
- public function setProperties($properties)
- {
- $this->properties = $properties;
- }
-
- public function getProperties()
- {
- return $this->properties;
- }
-
- public function addProperty($property)
- {
- $this->properties[] = $property;
- }
-
- public function hasProperty($name)
- {
- if (is_array($this->properties)) {
- foreach ($this->properties as $property) {
- if ($property === $name) {
- return true;
- }
- }
- }
-
- return false;
- }
-
- public function popProperty()
- {
- return array_pop($this->properties);
- }
}
diff --git a/package/src/progpilot/Outputs/MyOutputs.php b/package/src/progpilot/Outputs/MyOutputs.php
index 55f9a3ec..140c6eef 100644
--- a/package/src/progpilot/Outputs/MyOutputs.php
+++ b/package/src/progpilot/Outputs/MyOutputs.php
@@ -12,126 +12,96 @@
use progpilot\Lang;
use progpilot\Representations\Callgraph;
-use progpilot\Representations\ControlFlowGraph;
-use progpilot\Representations\AbstractSyntaxTree;
-use PhpParser\NodeTraverser;
-
-class MyOutputs
+class MyOutputs extends MyOutputsInternalApi
{
- private $results;
- private $resolveIncludes;
- private $resolveIncludesFile;
- private $onAddResult;
- private $taintedFlow;
- private $countfilesanalyzed;
-
- public $currentIncludesFile;
- public $cfg;
- public $callgraph;
- public $ast;
-
- public function __construct()
- {
- $this->resolveIncludes = false;
- $this->resolveIncludesFile = null;
- $this->currentIncludesFile = [];
- $this->results = [];
- $this->taintedFlow = false;
- $this->onAddResult = null;
- $this->countfilesanalyzed = 0;
-
- $this->resetRepresentations();
- }
-
- public function resetRepresentations()
- {
- //$this->results = [];
- $this->cfg = new ControlFlowGraph;
- $this->callgraph = new Callgraph;
- $this->ast = new AbstractSyntaxTree;
- }
-
- public function getAst()
+ public function getAst($myFunc)
{
$nodesjson = [];
$linksjson = [];
- foreach ($this->ast->getNodes() as $node) {
- $hash = spl_object_hash($node);
+ if (!is_null($myFunc) && isset($this->ast[$myFunc->getId()])) {
+ $tmpAst = $this->ast[$myFunc->getId()];
- $nodesjson[] = array('name' => get_class($node), 'id' => $hash);
- }
+ foreach ($tmpAst->getNodes() as $node) {
+ $hash = spl_object_hash($node);
+
+ $nodesjson[] = array('name' => get_class($node), 'id' => $hash);
+ }
- foreach ($this->ast->getEdges() as $edge) {
- $caller = $edge[0];
- $callee = $edge[1];
+ foreach ($tmpAst->getEdges() as $edge) {
+ $caller = $edge[0];
+ $callee = $edge[1];
- $hashcaller = spl_object_hash($caller);
- $hashcallee = spl_object_hash($callee);
+ $hashcaller = spl_object_hash($caller);
+ $hashcallee = spl_object_hash($callee);
- if ($hashcaller !== $hashcallee) {
- $linksjson[] = array('target' => $hashcallee, 'source' => $hashcaller);
+ if ($hashcaller !== $hashcallee) {
+ $linksjson[] = array('target' => $hashcallee, 'source' => $hashcaller);
+ }
}
}
- $outputjson = array('nodes' => $nodesjson, 'links' => $linksjson);
-
- return $outputjson;
+ return array('nodes' => $nodesjson, 'links' => $linksjson);
}
- public function getCfg()
+ public function getCfg($myFunc)
{
$nodesjson = [];
$linksjson = [];
$realNodes = [];
- foreach ($this->cfg->getNodes() as $id => $node) {
- $realNodes[] = $id;
- $nodesjson[] = array('name' => $this->cfg->getTextOfMyBlock($id), 'id' => $id);
- }
+ if (!is_null($myFunc) && isset($this->cfg[$myFunc->getId()])) {
+ $tmpCfg = $this->cfg[$myFunc->getId()];
+
+ foreach ($tmpCfg->getNodes() as $id => $node) {
+ $realNodes[] = $id;
+ $nodesjson[] = array('name' => $tmpCfg->getTextOfMyBlock($id), 'id' => $id);
+ }
- foreach ($this->cfg->getEdges() as $edge) {
- $callerId = $this->cfg->getIdOfNode($edge[0]);
- $calleeId = $this->cfg->getIdOfNode($edge[1]);
+ foreach ($tmpCfg->getEdges() as $edge) {
+ $callerId = $tmpCfg->getIdOfNode($edge[0]);
+ $calleeId = $tmpCfg->getIdOfNode($edge[1]);
- if ($callerId !== $calleeId
- && in_array($callerId, $realNodes, true)
- && in_array($calleeId, $realNodes, true)) {
- $linksjson[] = array('source' => $callerId, 'target' => $calleeId);
+ if ($callerId !== $calleeId
+ && in_array($callerId, $realNodes, true)
+ && in_array($calleeId, $realNodes, true)) {
+ $linksjson[] = array('source' => $callerId, 'target' => $calleeId);
+ }
}
}
- $outputjson = array('nodes' => $nodesjson, 'links' => $linksjson);
- return $outputjson;
+ return array('nodes' => $nodesjson, 'links' => $linksjson);
}
- public function getCallGraph()
+ public function getCallGraph($myFunc)
{
$nodesjson = [];
$linksjson = [];
$realNodes = [];
- $nodes = $this->callgraph->getNodes();
+ if (!is_null($myFunc) && isset($this->callgraph[$myFunc->getId()])) {
+ $tmpCallgraph = $this->callgraph[$myFunc->getId()];
+ $nodes = $tmpCallgraph->getNodes();
- foreach ($nodes as $nodeCaller) {
- $realNodes[] = $nodeCaller->getId();
- $nodesjson[] = array('name' => $nodeCaller->getName(), 'id' => $nodeCaller->getId());
- }
+ foreach ($nodes as $nodeCaller) {
+ $realNodes[] = $nodeCaller->getId();
+ $nodesjson[] = array('name' => $nodeCaller->getName(), 'id' => $nodeCaller->getId());
+ }
- foreach ($nodes as $key => $nodeCaller) {
- foreach ($nodeCaller->getChildren() as $key => $nodeCalleeId) {
- $nodeCallee = $nodes[$nodeCalleeId];
- if ($nodeCaller->getId() !== $nodeCallee->getId()
- && in_array($nodeCaller->getId(), $realNodes, true)
- && in_array($nodeCallee->getId(), $realNodes, true)) {
- $linksjson[] = array('source' => $nodeCaller->getId(), 'target' => $nodeCallee->getId());
+ foreach ($nodes as $key => $nodeCaller) {
+ foreach ($nodeCaller->getChildren() as $key => $nodeCalleeId) {
+ $nodeCallee = $nodes[$nodeCalleeId];
+ if ($nodeCaller->getId() !== $nodeCallee->getId()
+ && in_array($nodeCaller->getId(), $realNodes, true)
+ && in_array($nodeCallee->getId(), $realNodes, true)) {
+ $linksjson[] = array('source' => $nodeCaller->getId(), 'target' => $nodeCallee->getId());
+ }
}
}
}
- $outputjson = array('nodes' => $nodesjson, 'links' => $linksjson);
- return $outputjson;
+ return array('nodes' => $nodesjson, 'links' => $linksjson);
}
public function setOnAddResult($func)
@@ -144,56 +114,25 @@ public function getOnAddResult()
return $this->onAddResult;
}
- public function addResult($temp)
- {
- if (!in_array($temp, $this->results, true)) {
- if (!is_null($this->onAddResult)) {
- $params = array($temp);
- call_user_func($this->onAddResult, $params);
- }
-
- $this->results[] = $temp;
- }
- }
-
- public function setResults(&$results)
- {
- $this->results = &$results;
- }
-
public function &getResults()
{
return $this->results;
}
- public function getCountAnalyzedFiles()
- {
- return $this->countfilesanalyzed;
- }
-
- public function setCountAnalyzedFiles($nb)
- {
- $this->countfilesanalyzed = $nb;
- }
-
- public function getResolveIncludes()
- {
- return $this->resolveIncludes;
- }
-
- public function resolveIncludes($option)
+ public function setIncludeFailuresFile($file)
{
- $this->resolveIncludes = $option;
- }
+ $log = true;
+ if (is_null($file) || empty($file)) {
+ $log = false;
+ }
- public function resolveIncludesFile($file)
- {
- $this->resolveIncludesFile = $file;
+ $this->writeIncludeFailures = $log;
+ $this->includeFailuresFile = $file;
}
- public function getresolveIncludesFile()
+ public function getIncludeFailuresFile()
{
- return $this->resolveIncludesFile;
+ return $this->includeFailuresFile;
}
public function taintedFlow($bool)
@@ -205,24 +144,4 @@ public function getTaintedFlow()
{
return $this->taintedFlow;
}
-
- public function writeIncludesFile()
- {
- if ($this->resolveIncludes) {
- $fp = fopen($this->resolveIncludesFile, "w");
- if ($fp) {
- $myArray = "";
- if (count($this->currentIncludesFile) > 0) {
- $myArray = [];
- foreach ($this->currentIncludesFile as $includeFile) {
- $myArray[] = [$includeFile->getName(), $includeFile->getLine(), $includeFile->getColumn()];
- }
- }
-
- $outputjson = array('includes_not_resolved' => $myArray);
- fwrite($fp, json_encode($outputjson, JSON_UNESCAPED_SLASHES));
- fclose($fp);
- }
- }
- }
}
diff --git a/package/src/progpilot/Outputs/MyOutputsInternalApi.php b/package/src/progpilot/Outputs/MyOutputsInternalApi.php
new file mode 100644
index 00000000..cc385d82
--- /dev/null
+++ b/package/src/progpilot/Outputs/MyOutputsInternalApi.php
@@ -0,0 +1,180 @@
+writeIncludeFailures = false;
+ $this->includeFailuresFile = null;
+ $this->currentIncludesFile = [];
+ $this->results = [];
+ $this->taintedFlow = false;
+ $this->onAddResult = null;
+ $this->countfilesanalyzed = 0;
+
+ $this->cfg = [];
+ $this->callgraph = [];
+ $this->ast = [];
+ }
+
+ public function resetRepresentationsForAllFunctions()
+ {
+ $this->cfg = [];
+ $this->callgraph = [];
+ $this->ast = [];
+ }
+
+ public function createRepresentationsForFunction($myFunc)
+ {
+ if (!is_null($myFunc)) {
+ $this->cfg[$myFunc->getId()] = new ControlFlowGraph;
+ $this->callgraph[$myFunc->getId()] = new Callgraph;
+ $this->ast[$myFunc->getId()] = new AbstractSyntaxTree;
+ }
+ }
+
+ // cfg accessors
+ public function cfgAddTextOfMyBlock($myFunc, $id, $text)
+ {
+ if (!is_null($myFunc) && isset($this->cfg[$myFunc->getId()])) {
+ $tmpCfg = $this->cfg[$myFunc->getId()];
+ $tmpCfg->addTextOfMyBlock($id, $text);
+ }
+ }
+
+ public function cfgAddNode($myFunc, $id, $block)
+ {
+ if (!is_null($myFunc) && isset($this->cfg[$myFunc->getId()])) {
+ $tmpCfg = $this->cfg[$myFunc->getId()];
+ $tmpCfg->addNode($id, $text);
+ }
+ }
+
+ public function cfgAddEdge($myFunc, $caller, $callee)
+ {
+ if (!is_null($myFunc) && isset($this->cfg[$myFunc->getId()])) {
+ $tmpCfg = $this->cfg[$myFunc->getId()];
+ $tmpCfg->addEdge($caller, $callee);
+ }
+ }
+
+ // callgraph accessors
+ public function callgraphAddNode($myFunc, $myFunccall, $myClass)
+ {
+ if (!is_null($myFunc) && isset($this->callgraph[$myFunc->getId()])) {
+ $tmpCallgraph = $this->callgraph[$myFunc->getId()];
+ $tmpCallgraph->addNode($myFunccall, $myClass);
+ }
+ }
+
+ public function callgraphAddEdge($myFunc, $myFuncCaller, $myClassCaller, $myFuncCallee, $myClassCallee)
+ {
+ if (!is_null($myFunc) && isset($this->callgraph[$myFunc->getId()])) {
+ $tmpCallgraph = $this->callgraph[$myFunc->getId()];
+ $tmpCallgraph->addEdge($myFuncCaller, $myClassCaller, $myFuncCallee, $myClassCallee);
+ }
+ }
+
+ public function callgraphAddFuncCall($myFunc, $myBlock, $myFunccall, $myClass)
+ {
+ if (!is_null($myFunc)
+ && isset($this->callgraph[$myFunc->getId()])) {
+ $tmpCallgraph = $this->callgraph[$myFunc->getId()];
+ $tmpCallgraph->addFuncCall($myBlock, $myFunccall, $myClass);
+ }
+ }
+
+ public function callgraphAddChild($myFunc, $myBlockParent, $myBlockChild)
+ {
+ if (!is_null($myFunc) && isset($this->callgraph[$myFunc->getId()])) {
+ $tmpCallgraph = $this->callgraph[$myFunc->getId()];
+ $tmpCallgraph->addChild($myBlockParent, $myBlockChild);
+ }
+ }
+
+ public function addResult($temp)
+ {
+ if (!in_array($temp, $this->results, true)) {
+ if (!is_null($this->onAddResult)) {
+ $params = array($temp);
+ call_user_func($this->onAddResult, $params);
+ }
+
+ $this->results[] = $temp;
+ }
+ }
+
+ public function setResults(&$results)
+ {
+ $this->results = &$results;
+ }
+
+ public function getCountAnalyzedFiles()
+ {
+ return $this->countfilesanalyzed;
+ }
+
+ public function setCountAnalyzedFiles($nb)
+ {
+ $this->countfilesanalyzed = $nb;
+ }
+
+ public function getWriteIncludeFailures()
+ {
+ return $this->writeIncludeFailures;
+ }
+
+ public function setWriteIncludeFailures($writeIncludeFailures)
+ {
+ $this->writeIncludeFailures = $writeIncludeFailures;
+ }
+
+ public function writeIncludesFile()
+ {
+ if ($this->writeIncludeFailures) {
+ $fp = fopen($this->includeFailuresFile, "w");
+ if ($fp) {
+ $myArray = "";
+ if (count($this->currentIncludesFile) > 0) {
+ $myArray = [];
+ foreach ($this->currentIncludesFile as $includeFile) {
+ $myArray[] = [$includeFile->getName(), $includeFile->getLine(), $includeFile->getColumn()];
+ }
+ }
+
+ $outputjson = array('include_failures' => $myArray);
+ fwrite($fp, json_encode($outputjson, JSON_UNESCAPED_SLASHES));
+ fclose($fp);
+ }
+ }
+ }
+}
diff --git a/package/src/progpilot/Representations/Callgraph.php b/package/src/progpilot/Representations/Callgraph.php
index 4ea7c930..26049230 100644
--- a/package/src/progpilot/Representations/Callgraph.php
+++ b/package/src/progpilot/Representations/Callgraph.php
@@ -70,8 +70,8 @@ public function addEdge($myFuncCaller, $myClassCaller, $myFuncCallee, $myClassCa
);
if (array_key_exists($NodeCGCaller->getId(), $this->nodes)
- && array_key_exists($NodeCGCallee->getId(), $this->nodes)
- && $NodeCGCaller->getId() !== $NodeCGCallee->getId()) {
+ && array_key_exists($NodeCGCallee->getId(), $this->nodes)
+ && $NodeCGCaller->getId() !== $NodeCGCallee->getId()) {
if (!in_array($NodeCGCallee->getId(), $this->nodes[$NodeCGCaller->getId()]->getChildren(), true)) {
$storage = $this->nodes[$NodeCGCaller->getId()]->getChildren();
$storage[] = $NodeCGCallee->getId();
@@ -186,12 +186,12 @@ public function computeCallGraph()
}
// calculate edges second case : calls from parents
- if (count($calls) > 0) {
+ if (!empty($calls)) {
$lastCallParent = $calls[count($calls) - 1][0];
$lastMyClassParent = $calls[count($calls) - 1][1];
foreach ($this->blocks[$myBlock]->children as $child) {
$calls = $this->getCalls($child);
- if (!is_null($calls) && count($calls) > 0) {
+ if (!is_null($calls) && !empty($calls)) {
$firstCallChild = $calls[0][0];
$firstMyClassChild = $calls[0][1];
$this->addEdge(
diff --git a/package/src/progpilot/Transformations/Js/Assign.php b/package/src/progpilot/Transformations/Js/Assign.php
index 17f9e288..ff531675 100644
--- a/package/src/progpilot/Transformations/Js/Assign.php
+++ b/package/src/progpilot/Transformations/Js/Assign.php
@@ -15,7 +15,6 @@
use progpilot\Objects\MyFunction;
use progpilot\Objects\MyDefinition;
-use progpilot\Objects\MyExpr;
use progpilot\Objects\MyOp;
use progpilot\Code\MyInstruction;
@@ -30,19 +29,7 @@ public static function instruction($context, $opExpr, $opDef)
$context->getCurrentMycode()->addCode(
new MyInstruction(Opcodes::START_ASSIGN)
);
- $context->getCurrentMycode()->addCode(
- new MyInstruction(Opcodes::START_EXPRESSION)
- );
- $myExpr = new MyExpr(
- $opExpr->loc->start->line,
- $opExpr->loc->start->column
- );
-
- $backDef = Expr::instruction($opExpr, $context, $myExpr);
-
- $instEndExpr = new MyInstruction(Opcodes::END_EXPRESSION);
- $instEndExpr->addProperty(MyInstruction::EXPR, $myExpr);
$context->getCurrentMycode()->addCode($instEndExpr);
$context->getCurrentMycode()->addCode(
@@ -76,9 +63,6 @@ public static function instruction($context, $opExpr, $opDef)
}
}
- $myDef->setExpr($myExpr);
- $myExpr->setAssign(true);
- $myExpr->setAssignDef($myDef);
$instDef = new MyInstruction(Opcodes::DEFINITION);
$instDef->addProperty(MyInstruction::DEF, $myDef);
diff --git a/package/src/progpilot/Transformations/Js/Expr.php b/package/src/progpilot/Transformations/Js/Expr.php
index 894d6351..8345d738 100644
--- a/package/src/progpilot/Transformations/Js/Expr.php
+++ b/package/src/progpilot/Transformations/Js/Expr.php
@@ -15,7 +15,6 @@
use progpilot\Objects\MyFunction;
use progpilot\Objects\MyDefinition;
-use progpilot\Objects\MyExpr;
use progpilot\Objects\MyOp;
use progpilot\Code\MyInstruction;
@@ -24,13 +23,12 @@
class Expr
{
-
- public static function instruction($op, $context, $myExpr)
+ public static function instruction($op, $context)
{
- return Expr::instructionInternal($op, $context, $myExpr);
+ return Expr::instructionInternal($op, $context);
}
- public static function instructionInternal($op, $context, $myExpr)
+ public static function instructionInternal($op, $context)
{
$myTempDef = null;
@@ -39,7 +37,6 @@ public static function instructionInternal($op, $context, $myExpr)
if ($typeright === "Identifier" || $typeright === "Literal" || $typeright === "MemberExpression") {
$myright = new MyDefinition($op->loc->start->line, $op->loc->start->column, $nameright);
- $myright->setExpr($myExpr);
if ($typeright === "MemberExpression") {
$propertyName = Common::getNameProperty($op);
@@ -59,17 +56,9 @@ public static function instructionInternal($op, $context, $myExpr)
}
if ($typeright === "BinaryExpression") {
- $myExpr->setIsConcat(true);
-
$context->getCurrentMycode()->addCode(new MyInstruction(Opcodes::CONCAT_LEFT));
- Expr::instructionInternal($op->left, $context, $myExpr);
$context->getCurrentMycode()->addCode(new MyInstruction(Opcodes::CONCAT_RIGHT));
- Expr::instructionInternal($op->right, $context, $myExpr);
- } elseif ($typeright === "CallExpression") {
- $myTempDef = FuncCall::instruction($context, $myExpr, $op);
- } elseif ($typeright === "NewExpression") {
- $myTempDef = FuncCall::instruction($context, $myExpr, $op);
}
return $myTempDef;
diff --git a/package/src/progpilot/Transformations/Js/FuncCall.php b/package/src/progpilot/Transformations/Js/FuncCall.php
index 3c1f847c..bb5801a3 100644
--- a/package/src/progpilot/Transformations/Js/FuncCall.php
+++ b/package/src/progpilot/Transformations/Js/FuncCall.php
@@ -15,7 +15,6 @@
use progpilot\Objects\MyFunction;
use progpilot\Objects\MyDefinition;
-use progpilot\Objects\MyExpr;
use progpilot\Objects\MyOp;
use progpilot\Code\MyInstruction;
@@ -41,22 +40,9 @@ public static function argument($arg, $op, $context, $instFuncCallMain, $funcCal
$myDef = new MyDefinition($op->loc->start->line, $op->loc->start->column, $defName);
$context->getCurrentMycode()->addCode(new MyInstruction(Opcodes::START_ASSIGN));
- $context->getCurrentMycode()->addCode(new MyInstruction(Opcodes::START_EXPRESSION));
-
- $myExprparam = new MyExpr($op->loc->start->line, $op->loc->start->column);
- $myExprparam->setAssign(true);
- $myExprparam->setAssignDef($myDef);
$instFuncCallMain->addProperty("argdef$numParam", $myDef);
- $instFuncCallMain->addProperty("argexpr$numParam", $myExprparam);
-
- /*
- $myTemp = Expr::instruction($arg, $context, $myExprparam);
- if (!is_null($myTemp)) {
- $myDef->setValueFromDef($myTemp);
- }
- */
$myargumenttype = $arg->type;
$myargumentvalue = "";
@@ -75,7 +61,6 @@ public static function argument($arg, $op, $context, $instFuncCallMain, $funcCal
}
$mytemp = new MyDefinition($op->loc->start->line, $op->loc->start->column, $myargumentvalue);
- $mytemp->setExpr($myExprparam);
if ($myargumenttype === 'MemberExpression') {
$propertyName = Common::getNameProperty($arg);
@@ -87,10 +72,6 @@ public static function argument($arg, $op, $context, $instFuncCallMain, $funcCal
$instTemporarySimple->addProperty(MyInstruction::TEMPORARY, $mytemp);
$context->getCurrentMycode()->addCode($instTemporarySimple);
- $instEndExpr = new MyInstruction(Opcodes::END_EXPRESSION);
- $instEndExpr->addProperty(MyInstruction::EXPR, $myExprparam);
- $context->getCurrentMycode()->addCode($instEndExpr);
-
$context->getCurrentMycode()->addCode(new MyInstruction(Opcodes::END_ASSIGN));
$instDef = new MyInstruction(Opcodes::DEFINITION);
@@ -104,7 +85,6 @@ public static function argument($arg, $op, $context, $instFuncCallMain, $funcCal
*/
public static function instruction(
$context,
- $myExpr,
$op
) {
@@ -163,8 +143,6 @@ public static function instruction(
$myFunctionCall->setNbParams($nbparams);
$instFuncCallMain->addProperty(MyInstruction::MYFUNC_CALL, $myFunctionCall);
- $instFuncCallMain->addProperty(MyInstruction::EXPR, $myExpr);
- $instFuncCallMain->addProperty(MyInstruction::ARR, false);
$context->getCurrentMycode()->addCode($instFuncCallMain);
return $mybackdef;
diff --git a/package/src/progpilot/Transformations/Js/Transform.php b/package/src/progpilot/Transformations/Js/Transform.php
index 4c0c3552..268589b8 100644
--- a/package/src/progpilot/Transformations/Js/Transform.php
+++ b/package/src/progpilot/Transformations/Js/Transform.php
@@ -13,7 +13,6 @@
use progpilot\Objects\MyFunction;
use progpilot\Objects\MyBlock;
use progpilot\Objects\MyDefinition;
-use progpilot\Objects\MyExpr;
use progpilot\Objects\MyClass;
use progpilot\Objects\MyOp;
use progpilot\Objects\MyFile;
@@ -77,7 +76,7 @@ public function v8jsExecute()
$this->context->getCurrentMycode()->addCode($instFunc);
// because when we call (funccall) a function by name, it can be undefined
- $this->context->getFunctions()->addFunction($myFunction->getName(), $myFunction);
+ $this->context->getFunctions()->addFunction("file.js", "function", $myFunction->getName(), $myFunction);
$this->context->setCurrentFunc($myFunction);
foreach ($cfg[2] as $FlowNode) {
@@ -85,7 +84,10 @@ public function v8jsExecute()
if (isset($astNode->type)) {
if ($astNode->type !== "exit") {
- $myBlock = new MyBlock;
+ $myBlock = new MyBlock(
+ $this->context->getCurrentLine(),
+ $this->context->getCurrentColumn()
+ );
$myBlock->setStartAddressBlock(count($this->context->getCurrentMycode()->getCodes()));
//$this->context->setCurrentBlock($FlowNode);
@@ -119,20 +121,6 @@ public function v8jsExecute()
break;
case 'CallExpression':
- $myExpr = new MyExpr(
- $astNode->loc->start->line,
- $astNode->loc->start->column
- );
- $this->context->getCurrentMycode()->addCode(
- new MyInstruction(Opcodes::START_EXPRESSION)
- );
-
- FuncCall::instruction($this->context, $myExpr, $astNode);
-
- $instEndExpr = new MyInstruction(Opcodes::END_EXPRESSION);
- $instEndExpr->addProperty(MyInstruction::EXPR, $myExpr);
- $this->context->getCurrentMycode()->addCode($instEndExpr);
-
break;
case 'ReturnStatement':
diff --git a/package/src/progpilot/Transformations/Php/ArrayExpr.php b/package/src/progpilot/Transformations/Php/ArrayExpr.php
deleted file mode 100644
index 8f27c38d..00000000
--- a/package/src/progpilot/Transformations/Php/ArrayExpr.php
+++ /dev/null
@@ -1,97 +0,0 @@
-ops[0]->values)) {
- $nbArrayExpr = 0;
- foreach ($op->ops[0]->values as $value) {
- $name = Common::getNameDefinition($value);
- $type = Common::getTypeDefinition($value);
- $typeArray = Common::getTypeIsArray($value);
-
- // we create an element for each value of array expr
- // name_arr = [expr1, expr2] => name_arr[0] = expr1, name_arr[1] = expr2
- if (isset($op->ops[0]->keys[$nbArrayExpr]->value)) {
- $indexValue = $op->ops[0]->keys[$nbArrayExpr]->value;
- $buildingArr = array($indexValue => $arr);
- } elseif (isset($op->ops[0]->keys[$nbArrayExpr]->ops[0]->name->value)) {
- // const arr(CONST => "value")
- $indexValue = $op->ops[0]->keys[$nbArrayExpr]->ops[0]->name->value;
- $buildingArr = array($indexValue => $arr);
- } else {
- $buildingArr = array($nbArrayExpr => $arr);
- }
-
- if ($typeArray === MyOp::TYPE_ARRAY_EXPR) {
- $buildingArr = ArrayExpr::instruction($value, $context, $buildingArr, $defName, $isReturnDef);
- } else {
- $context->getCurrentMycode()->addCode(new MyInstruction(Opcodes::START_ASSIGN));
- $context->getCurrentMycode()->addCode(new MyInstruction(Opcodes::START_EXPRESSION));
-
- $myExpr = new MyExpr($context->getCurrentLine(), $context->getCurrentColumn());
- $myExpr->setAssign(true);
-
- Expr::instruction($value, $context, $myExpr, null);
-
- $instEndExpr = new MyInstruction(Opcodes::END_EXPRESSION);
- $instEndExpr->addProperty(MyInstruction::EXPR, $myExpr);
- $context->getCurrentMycode()->addCode($instEndExpr);
-
- $context->getCurrentMycode()->addCode(new MyInstruction(Opcodes::END_ASSIGN));
-
- // mydef after expr because expr is executed before (and his id lower than mydef id)
- $myDef = new MyDefinition($context->getCurrentLine(), $context->getCurrentColumn(), $defName);
-
- if ($isReturnDef) {
- $context->getCurrentFunc()->addReturnDef($myDef);
- }
-
- $myExpr->setAssignDef($myDef);
-
- // we reverse the arr
- $arrtrans = BuildArrays::buildArrayFromArr($buildingArr, false);
-
- $myDef->addType(MyDefinition::TYPE_ARRAY);
- $myDef->setArrayValue($arrtrans);
-
- $instDef = new MyInstruction(Opcodes::DEFINITION);
- $instDef->addProperty(MyInstruction::DEF, $myDef);
- $context->getCurrentMycode()->addCode($instDef);
-
- unset($myExpr);
- unset($myDef);
- }
-
- $nbArrayExpr ++;
- }
- }
-
- return $buildingArr;
- }
-}
diff --git a/package/src/progpilot/Transformations/Php/Assign.php b/package/src/progpilot/Transformations/Php/Assign.php
index 74ce94b9..4bb5eb83 100644
--- a/package/src/progpilot/Transformations/Php/Assign.php
+++ b/package/src/progpilot/Transformations/Php/Assign.php
@@ -12,46 +12,49 @@
use PHPCfg\Block;
use PHPCfg\Op;
+use PHPCfg\Operand;
use progpilot\Objects\MyFunction;
use progpilot\Objects\MyDefinition;
-use progpilot\Objects\MyExpr;
use progpilot\Objects\MyOp;
use progpilot\Code\MyInstruction;
use progpilot\Code\Opcodes;
use progpilot\Transformations\Php\Transform;
use progpilot\Transformations\Php\OpTr;
+use progpilot\Transformations\Php\Common;
+use progpilot\Transformations\Php\Exprs\PropertyFetch;
+use progpilot\Transformations\Php\Exprs\DimFetch;
+use progpilot\Transformations\Php\Exprs\VariableFetch;
+use progpilot\Transformations\Php\Exprs\ArrayFetch;
class Assign
{
- public static function instruction($context, $isReturnDef = false, $isDefine = false)
- {
+ public static function instruction(
+ $context,
+ $op,
+ $expr,
+ $var,
+ $isReturnDef = false,
+ $isDefine = false
+ ) {
+ $backDef = null;
+
if ($isDefine) {
$name = "const_".rand();
if (isset($context->getCurrentOp()->args[0]->value)) {
$name = $context->getCurrentOp()->args[0]->value;
+ $var = $context->getCurrentOp()->args[0];
}
- $type = MyOp::TYPE_CONST;
- $typeArray = null;
- $typeInstance = null;
-
- $exprOp = $context->getCurrentOp();
if (isset($context->getCurrentOp()->args[1])) {
- $exprOp = $context->getCurrentOp()->args[1];
+ $expr = $context->getCurrentOp()->args[1];
}
} else {
$name = Common::getNameDefinition($context->getCurrentOp());
- $type = Common::getTypeDefinition($context->getCurrentOp());
- $typeArray = Common::getTypeIsArray($context->getCurrentOp());
- $typeInstance = Common::getTypeIsInstance($context->getCurrentOp());
-
if (empty($name)) {
$name = "empty_".rand();
}
-
- $exprOp = $context->getCurrentOp()->expr;
}
// name of function return
@@ -59,109 +62,84 @@ public static function instruction($context, $isReturnDef = false, $isDefine = f
$name = $context->getCurrentFunc()->getName()."_return";
}
- // $array = [expr, expr, expr]
- if ($typeArray === MyOp::TYPE_ARRAY_EXPR) {
- $arr = false;
- if (isset($context->getCurrentOp()->var)) {
- $arr = BuildArrays::buildArrayFromOps($context->getCurrentOp()->var, false);
- }
-
- ArrayExpr::instruction($context->getCurrentOp()->expr, $context, $arr, $name, $isReturnDef);
- } else {
- $isRef = false;
- if ($context->getCurrentOp() instanceof Op\Expr\AssignRef) {
- $isRef = true;
- }
-
- $context->getCurrentMycode()->addCode(new MyInstruction(Opcodes::START_ASSIGN));
-
- // it's an expression which will define a definition
- $myExpr = new MyExpr($context->getCurrentLine(), $context->getCurrentColumn());
- $myExpr->setAssign(true);
+ $instAssign = new MyInstruction(Opcodes::END_ASSIGN);
- if (isset($context->getCurrentOp()->expr->ops[0])
- && $context->getCurrentOp()->expr->ops[0] instanceof Op\Iterator\Value) {
- $myExpr->setAssignIterator(true);
- }
-
- $context->getCurrentMycode()->addCode(new MyInstruction(Opcodes::START_EXPRESSION));
-
- $backDef = Expr::instruction($exprOp, $context, $myExpr);
-
- $instEndExpr = new MyInstruction(Opcodes::END_EXPRESSION);
- $instEndExpr->addProperty(MyInstruction::EXPR, $myExpr);
- $context->getCurrentMycode()->addCode($instEndExpr);
-
- $context->getCurrentMycode()->addCode(new MyInstruction(Opcodes::END_ASSIGN));
-
- $myDef = new MyDefinition($context->getCurrentLine(), $context->getCurrentColumn(), $name);
+ // extra = properties, arrays
+ // $left(extra) = $right(extra) <= expr right
- if ($isRef) {
- $myDef->addType(MyDefinition::TYPE_REFERENCE);
- }
+ // let's start by the right part
+ // in case of the expr has not been catched naturally in the transform
+ if (isset($expr)) {
+ Expr::implicitfetch($context, $expr, null);
+ }
- if ($type === MyOp::TYPE_CONST) {
+ // let's continue by the left part
+ $instDefinition = new MyInstruction(Opcodes::DEFINITION);
+
+ $myDef = new MyDefinition(
+ $context->getCurrentBlock()->getId(),
+ $context->getCurrentMyFile(),
+ $context->getCurrentLine(),
+ $context->getCurrentColumn(),
+ $name
+ );
+
+ switch (Common::getTypeDef($op)) {
+ case MyOp::TYPE_ARRAY:
+ $myDef->addType(MyDefinition::TYPE_ARRAY);
+ $myDef->getCurrentState()->addType(MyDefinition::TYPE_ARRAY);
+ break;
+ case MyOp::TYPE_PROPERTY:
+ $myDef->addType(MyDefinition::TYPE_PROPERTY);
+ break;
+ case MyOp::TYPE_STATIC_PROPERTY:
+ $myDef->addType(MyDefinition::TYPE_STATIC_PROPERTY);
+ break;
+ case MyOp::TYPE_CONST:
$myDef->addType(MyDefinition::TYPE_CONSTANTE);
- }
-
- if ($isReturnDef) {
- $context->getCurrentFunc()->addReturnDef($myDef);
- }
+ break;
+ case MyOp::TYPE_VARIABLE:
+ break;
+ default:
+ break;
+ }
- $myExpr->setAssignDef($myDef);
+ $instDefinition->addProperty(MyInstruction::DEF, $myDef);
+ $context->getCurrentMycode()->addCode($instDefinition);
- $instDef = new MyInstruction(Opcodes::DEFINITION);
- $instDef->addProperty(MyInstruction::DEF, $myDef);
- $context->getCurrentMycode()->addCode($instDef);
+ $instAssign->addProperty(MyInstruction::DEF, $myDef);
- // $array[09][098] = expr;
- if ($typeArray === MyOp::TYPE_ARRAY) {
- $arr = BuildArrays::buildArrayFromOps($context->getCurrentOp()->var, false);
- $myDef->addType(MyDefinition::TYPE_ARRAY);
- $myDef->setArrayValue($arr);
- }
+ if ($op instanceof Op\Expr\AssignRef) {
+ $instAssign->addProperty(MyInstruction::REFERENCE, true);
+ }
- // a variable, property
- if ($type === MyOp::TYPE_PROPERTY) {
- $myDef->addType(MyDefinition::TYPE_PROPERTY);
- $propertyName = Common::getNameProperty($context->getCurrentOp()->var->ops[0]);
- $myDef->property->setProperties($propertyName);
- }
+ if ($isReturnDef) {
+ $context->getCurrentFunc()->addReturnDef($myDef);
+ $context->getCurrentBlock()->addReturnDef($myDef);
+ $myDef->setReturnDef(true);
+ }
- // a variable, property
- if ($type === MyOp::TYPE_STATIC_PROPERTY) {
- $myDef->addType(MyDefinition::TYPE_STATIC_PROPERTY);
- $propertyName = Common::getNameProperty($context->getCurrentOp()->var->ops[0]);
- $myDef->property->setProperties($propertyName);
- }
+ $instAssign->addProperty(
+ MyInstruction::EXPRID,
+ $context->getCurrentFunc()->getOpId($expr)
+ );
- // an object (created by new)
- if ($typeInstance === MyOp::TYPE_INSTANCE) {
- // it's the class name not instance name
- if (isset($context->getCurrentOp()->expr->ops[0]->class->value)) {
- $nameClass = $context->getCurrentOp()->expr->ops[0]->class->value;
- $myDef->addType(MyDefinition::TYPE_INSTANCE);
- $myDef->setClassName($nameClass);
-
- // ou bien créer backdef ici
- if (!is_null($backDef)) {
- $backDef->setId($myDef->getId() + 1);
- }
- }
- }
+ if (!$isReturnDef) {
+ $instAssign->addProperty(
+ MyInstruction::VARID,
+ $context->getCurrentFunc()->getOpId($var)
+ );
+ }
- if ($isRef) {
- $refName = Common::getNameDefinition($context->getCurrentOp()->expr);
- $refType = Common::getTypeDefinition($context->getCurrentOp()->expr);
- $refTypeArray = Common::getTypeIsArray($context->getCurrentOp()->expr);
- $myDef->setRefName($refName);
-
- if ($refTypeArray === MyOp::TYPE_ARRAY) {
- $arr = BuildArrays::buildArrayFromOps($context->getCurrentOp()->expr, false);
- $myDef->addType(MyDefinition::TYPE_ARRAY_REFERENCE);
- $myDef->setRefArrValue($arr);
- }
- }
+ if (isset($op->result)) {
+ $instAssign->addProperty(
+ MyInstruction::RESULTID,
+ $context->getCurrentFunc()->getOpId($op->result)
+ );
}
+
+ $context->getCurrentMycode()->addCode($instAssign);
+
+ return $backDef;
}
}
diff --git a/package/src/progpilot/Transformations/Php/BuildArrays.php b/package/src/progpilot/Transformations/Php/BuildArrays.php
deleted file mode 100644
index 2a8aed73..00000000
--- a/package/src/progpilot/Transformations/Php/BuildArrays.php
+++ /dev/null
@@ -1,94 +0,0 @@
-ops)) {
- foreach ($initops->ops as $op) {
- if ($op instanceof Op\Expr\ArrayDimFetch) {
- return BuildArrays::functionStartOps($op->var);
- }
- }
- }
-
- if ($initops instanceof Op\Iterator\Value) {
- return BuildArrays::functionStartOps($initops->var);
- }
-
- return $initops;
- }
-
- public static function buildArrayFromArr($start, $end)
- {
- if (is_array($start)) {
- foreach ($start as $ind => $value) {
- $end = array($ind => $end);
- $end = BuildArrays::buildArrayFromArr($value, $end);
- }
- }
-
- return $end;
- }
-
- public static function extractArrayFromArr($originalarr, $indarr)
- {
- if ($originalarr === $indarr) {
- return false;
- }
-
- $arr = $originalarr;
-
- if (is_array($indarr)) {
- foreach ($indarr as $ind => $value) {
- if (isset($originalarr[$ind])) {
- if ($originalarr[$ind] === $indarr[$ind]) {
- return $originalarr[$ind];
- }
-
- $arr = BuildArrays::extractArrayFromArr($originalarr[$ind], $indarr[$ind]);
- } else {
- $arr = false;
- }
- }
- }
-
- return $arr;
- }
-
- public static function buildArrayFromOps($initops, $arr)
- {
- if (isset($initops->ops)) {
- foreach ($initops->ops as $op) {
- if ($op instanceof Op\Expr\ArrayDimFetch) {
- $ind = 0;
- if (isset($op->dim->value)) {
- $ind = $op->dim->value;
- } elseif (isset($op->dim->ops[0]->name->value)) {
- $ind = $op->dim->ops[0]->name->value;
- }
-
- $arr = array($ind => $arr);
- $arr = BuildArrays::buildArrayFromOps($op->var, $arr);
- }
- }
- }
-
- return $arr;
- }
-}
diff --git a/package/src/progpilot/Transformations/Php/Common.php b/package/src/progpilot/Transformations/Php/Common.php
index f9392a38..31c1d001 100644
--- a/package/src/progpilot/Transformations/Php/Common.php
+++ b/package/src/progpilot/Transformations/Php/Common.php
@@ -14,6 +14,7 @@
use PHPCfg\Op;
use PHPCfg\Operand;
+use progpilot\Objects\MyDefinition;
use progpilot\Objects\MyOp;
use progpilot\Code\MyInstruction;
use progpilot\Code\Opcodes;
@@ -30,45 +31,69 @@ public static function validLastKnownValue($value)
return false;
}
- public static function getNameProperty($op)
+ public static function isChainedKnownType($op)
{
- $propertyNameArray = [];
+ if ($op instanceof Op\Expr\PropertyFetch
+ || $op instanceof Op\Expr\StaticPropertyFetch
+ || $op instanceof Op\Expr\ArrayDimFetch) {
+ return true;
+ }
- if (isset($op->ops[0])) {
- if ($op->ops[0] instanceof Op\Expr\ArrayDimFetch) {
- $propertyNameArray = Common::getNameProperty($op->ops[0]);
- }
+ return false;
+ }
- if ($op instanceof Op\Expr\PropertyFetch) {
- $propertyNameArray = Common::getNameProperty($op->ops[0]);
- }
+ public static function getTypeDef($op)
+ {
+ // the order is important (current it breaks array14.php)
+ // first we look for the left side
+ // this->foo
+
+ if (isset($op->var->ops[0])) {
+ if (isset($op->var->ops[0]->var->ops[0])
+ && Common::isChainedKnownType($op->var->ops[0]->var->ops[0])
+ && $op->var->ops[0]->var->ops[0] !== $op->var->ops[0]) {
+ return Common::getTypeDef($op->var->ops[0]);
+ } else {
+ if ($op->var->ops[0] instanceof Op\Expr\PropertyFetch) {
+ return MyOp::TYPE_PROPERTY;
+ }
- if ($op instanceof Op\Expr\StaticPropertyFetch) {
- $propertyNameArray = Common::getNameProperty($op->ops[0]);
- }
- }
+ if ($op->var->ops[0] instanceof Op\Expr\StaticPropertyFetch) {
+ return MyOp::TYPE_STATIC_PROPERTY;
+ }
- if (isset($op->var->ops)) {
- foreach ($op->var->ops as $opeach) {
- if ($opeach instanceof Op\Expr\ArrayDimFetch) {
- $propertyNameArray = Common::getNameProperty($opeach);
+ if ($op->var->ops[0] instanceof Op\Expr\ArrayDimFetch) {
+ return MyOp::TYPE_ARRAY;
}
- if ($opeach instanceof Op\Expr\PropertyFetch) {
- $propertyNameArray = Common::getNameProperty($opeach);
+ if ($op->var->ops[0] instanceof Op\Expr\Array_) {
+ return MyOp::TYPE_ARRAY_EXPR;
}
- if ($opeach instanceof Op\Expr\StaticPropertyFetch) {
- $propertyNameArray = Common::getNameProperty($opeach);
+ if (isset($op->var->original->name->value)) {
+ return MyOp::TYPE_VARIABLE;
}
}
}
-
- if (isset($op->name->value)) {
- $propertyNameArray[] = $op->name->value;
+
+ // then for the right
+ // foo = array()
+ // foo = define("FOO")
+ if (isset($op) && isset($op->name)) {
+ if ($op instanceof Op\Expr\FuncCall
+ && $op->name instanceof Operand\Literal
+ && $op->name->value === "define") {
+ return MyOp::TYPE_CONST;
+ }
+ }
+
+ if (isset($op->expr->ops[0])) {
+ if ($op->expr->ops[0] instanceof Op\Expr\Array_) {
+ return MyOp::TYPE_ARRAY_EXPR;
+ }
}
- return $propertyNameArray;
+ return null;
}
public static function getNameDefinition($ops, $lookingForProperty = false)
@@ -146,7 +171,7 @@ public static function getNameDefinition($ops, $lookingForProperty = false)
if (isset($ops->name->value)) {
return $ops->name->value;
}
-
+
// arrayexpr
if (isset($ops->value)) {
return $ops->value;
@@ -179,225 +204,4 @@ public static function getTypeVisibility($visibility)
return "public";
}
}
-
- public static function isFuncCallWithoutReturn($op)
- {
- if (!(isset($op->result->usages[0])) || (
- // funccall()[0]
- !(isset($op->result->usages[0]) && $op->result->usages[0] instanceof Op\Expr\ArrayDimFetch) &&
- // test = funccall() // funcccall(funccall())
- !(isset($op->result->usages[0])
- && (
- $op->result->usages[0] instanceof Op\Terminal\Echo_
- || $op->result->usages[0] instanceof Op\Terminal\Return_
- || $op->result->usages[0] instanceof Op\Expr\Print_
- || $op->result->usages[0] instanceof Op\Expr\StaticCall
- || $op->result->usages[0] instanceof Op\Expr\MethodCall
- || $op->result->usages[0] instanceof Op\Expr\NsFuncCall
- || $op->result->usages[0] instanceof Op\Expr\FuncCall
- || $op->result->usages[0] instanceof Op\Expr\Assign
- || $op->result->usages[0] instanceof Op\Expr\BinaryOp\Concat
- || $op->result->usages[0] instanceof Op\Expr\Array_
- || $op->result->usages[0] instanceof Op\Expr\Include_
- || $op->result->usages[0] instanceof Op\Expr\Eval_
-
- || $op->result->usages[0] instanceof Op\Expr\Cast\Int_
- || $op->result->usages[0] instanceof Op\Expr\Cast\Array_
- || $op->result->usages[0] instanceof Op\Expr\Cast\Bool_
- || $op->result->usages[0] instanceof Op\Expr\Cast\Double_
- || $op->result->usages[0] instanceof Op\Expr\Cast\Object_
- || $op->result->usages[0] instanceof Op\Expr\Cast\String_
-
- || $op->result->usages[0] instanceof Op\Iterator\Reset
- ))
- )) {
- return true;
- }
-
- return false;
- }
-
- public static function getTypeIsArray($ops)
- {
- if (isset($ops->ops[0])) {
- if ($ops->ops[0] instanceof Op\Expr\FuncCall
- || $ops->ops[0] instanceof Op\Expr\NsFuncCall
- || $ops->ops[0] instanceof Op\Expr\MethodCall
- || $ops->ops[0] instanceof Op\Expr\StaticCall
- || $ops->ops[0] instanceof Op\Expr\New_) {
- return MyOp::TYPE_FUNCCALL_ARRAY;
- }
-
- if ($ops->ops[0] instanceof Op\Expr\ArrayDimFetch) {
- $ret = Common::getTypeDefinition($ops->ops[0]);
-
- if ($ret === MyOp::TYPE_FUNCCALL_ARRAY) {
- return MyOp::TYPE_FUNCCALL_ARRAY;
- }
-
- return MyOp::TYPE_ARRAY;
- }
-
- if ($ops->ops[0] instanceof Op\Expr\Array_) {
- return MyOp::TYPE_ARRAY_EXPR;
- }
- }
-
- if (isset($ops->expr->ops[0])) {
- if ($ops->expr->ops[0] instanceof Op\Expr\Array_) {
- return MyOp::TYPE_ARRAY_EXPR;
- }
- }
-
- if (isset($ops->var->ops[0])) {
- if ($ops->var->ops[0] instanceof Op\Expr\ArrayDimFetch) {
- $ret = Common::getTypeDefinition($ops->var->ops[0]);
-
- if ($ret == MyOp::TYPE_FUNCCALL_ARRAY) {
- return MyOp::TYPE_FUNCCALL_ARRAY;
- }
-
- return MyOp::TYPE_ARRAY;
- }
-
- if ($ops->var->ops[0] instanceof Op\Expr\FuncCall
- || $ops->var->ops[0] instanceof Op\Expr\NsFuncCall
- || $ops->var->ops[0] instanceof Op\Expr\MethodCall
- || $ops->var->ops[0] instanceof Op\Expr\StaticCall
- || $ops->var->ops[0] instanceof Op\Expr\New_) {
- return MyOp::TYPE_FUNCCALL_ARRAY;
- }
- }
-
- if (isset($ops->var->original->name)) {
- if ($ops->var->original->name instanceof Operand\Literal) {
- return MyOp::TYPE_LITERAL;
- }
- }
-
- if (isset($ops->expr->original->name)) { // return
- if ($ops->expr->original->name instanceof Operand\Literal) {
- return MyOp::TYPE_LITERAL;
- }
- }
-
- if (isset($ops->original->name)) {
- if ($ops->original->name instanceof Operand\Literal) {
- return MyOp::TYPE_LITERAL;
- }
- }
-
- if ($ops instanceof Op\Expr\ArrayDimFetch) {
- return MyOp::TYPE_ARRAY;
- }
-
- if ($ops instanceof Operand\Literal) {
- return MyOp::TYPE_LITERAL;
- }
-
- return null;
- }
-
-
- public static function getTypeIsInstance($ops)
- {
- if (isset($ops->expr->ops[0])) {
- if ($ops->expr->ops[0] instanceof Op\Expr\New_) {
- return MyOp::TYPE_INSTANCE;
- }
- }
-
- return null;
- }
-
- public static function getTypeDefinition($ops)
- {
- if (isset($ops->ops[0])) {
- if ($ops->ops[0] instanceof Op\Expr\ConstFetch) {
- return MyOp::TYPE_CONST;
- }
-
- if ($ops->ops[0] instanceof Op\Expr\FuncCall
- || $ops->ops[0] instanceof Op\Expr\NsFuncCall
- || $ops->ops[0] instanceof Op\Expr\MethodCall
- || $ops->ops[0] instanceof Op\Expr\StaticCall
- || $ops->ops[0] instanceof Op\Expr\New_) {
- return MyOp::TYPE_FUNCCALL_ARRAY;
- }
-
- if ($ops->ops[0] instanceof Op\Expr\PropertyFetch) {
- return MyOp::TYPE_PROPERTY;
- }
-
- if ($ops->ops[0] instanceof Op\Expr\StaticPropertyFetch) {
- return MyOp::TYPE_STATIC_PROPERTY;
- }
-
- if ($ops->ops[0] instanceof Op\Expr\ArrayDimFetch) {
- return Common::getTypeDefinition($ops->ops[0]);
- }
- }
-
- if (isset($ops->var->ops[0])) {
- if ($ops->var->ops[0] instanceof Op\Expr\ArrayDimFetch) {
- return Common::getTypeDefinition($ops->var->ops[0]);
- }
-
- if ($ops->var->ops[0] instanceof Op\Expr\PropertyFetch) {
- return MyOp::TYPE_PROPERTY;
- }
-
- if ($ops->var->ops[0] instanceof Op\Expr\StaticPropertyFetch) {
- return MyOp::TYPE_STATIC_PROPERTY;
- }
-
- if ($ops->var->ops[0] instanceof Op\Expr\FuncCall
- || $ops->var->ops[0] instanceof Op\Expr\NsFuncCall
- || $ops->var->ops[0] instanceof Op\Expr\MethodCall
- || $ops->var->ops[0] instanceof Op\Expr\StaticCall
- || $ops->var->ops[0] instanceof Op\Expr\New_) {
- return MyOp::TYPE_FUNCCALL_ARRAY;
- }
- }
-
- if (isset($ops->var->original->name)) {
- if ($ops->var->original->name instanceof Operand\Literal) {
- return MyOp::TYPE_VARIABLE;
- }
- }
-
- if (isset($ops->expr->original->name)) { // return
- if ($ops->expr->original->name instanceof Operand\Literal) {
- return MyOp::TYPE_LITERAL;
- }
- }
-
- if (isset($ops->original->name)) {
- if ($ops->original instanceof Operand\Variable) {
- return MyOp::TYPE_VARIABLE;
- }
-
- if ($ops->original->name instanceof Operand\Literal) {
- return MyOp::TYPE_LITERAL;
- }
- }
-
- if ($ops instanceof Operand\Literal) {
- return MyOp::TYPE_LITERAL;
- }
-
- if ($ops instanceof Op\Expr\PropertyFetch) {
- return MyOp::TYPE_PROPERTY;
- }
-
- if ($ops instanceof Op\Expr\StaticPropertyFetch) {
- return MyOp::TYPE_STATIC_PROPERTY;
- }
-
- if ($ops instanceof Op\Iterator\Value) {
- return MyOp::TYPE_VARIABLE;
- }
-
- return null;
- }
}
diff --git a/package/src/progpilot/Transformations/Php/Expr.php b/package/src/progpilot/Transformations/Php/Expr.php
index b87aacb4..121e302f 100644
--- a/package/src/progpilot/Transformations/Php/Expr.php
+++ b/package/src/progpilot/Transformations/Php/Expr.php
@@ -15,260 +15,40 @@
use progpilot\Objects\MyFunction;
use progpilot\Objects\MyDefinition;
-use progpilot\Objects\MyExpr;
use progpilot\Objects\MyOp;
use progpilot\Code\MyInstruction;
use progpilot\Code\Opcodes;
use progpilot\Transformations\Php\Transform;
+use progpilot\Transformations\Php\Exprs\PropertyFetch;
+use progpilot\Transformations\Php\Exprs\StaticPropertyFetch;
+use progpilot\Transformations\Php\Exprs\DimFetch;
+use progpilot\Transformations\Php\Exprs\VariableFetch;
+use progpilot\Transformations\Php\Exprs\FunccallFetch;
+use progpilot\Transformations\Php\Exprs\ConcatFetch;
+use progpilot\Transformations\Php\Exprs\ArrayFetch;
+use progpilot\Transformations\Php\Exprs\CastFetch;
+use progpilot\Transformations\Php\Exprs\ConstFetch;
+use progpilot\Transformations\Php\Exprs\LiteralFetch;
class Expr
{
- public static function setChars($myExpr, $myTemp, $string, $arrayChars)
+ public static function explicitfetch($context, $op, $expr)
{
- if (is_string($string)) {
- $nbChars = [];
- foreach ($arrayChars as $char) {
- $nbChars[$char] = 0;
- }
-
- for ($i = 0; $i < strlen($string); $i++) {
- foreach ($arrayChars as $char) {
- if ($string[$i] === $char) {
- $nbChars[(string) $char] ++;
- }
- }
- }
-
- foreach ($arrayChars as $char) {
- $myExpr->setNbChars($char, $myExpr->getNbChars($char) + $nbChars[$char]);
- $myTemp->setIsEmbeddedByChar($char, $myExpr->getNbChars($char));
- }
- }
+ CastFetch::castFetch($context, $op, $expr);
+ ConcatFetch::concatFetch($context, $op, $expr);
+ DimFetch::dimFetch($context, $op);
+ PropertyFetch::propertyFetch($context, $op);
+ StaticPropertyFetch::staticPropertyFetch($context, $op);
+ FunccallFetch::funccallFetch($context, $op);
+ VariableFetch::variableFetch($context, $op, $expr);
+ ArrayFetch::arrayFetch($context, $op);
+ ConstFetch::constFetch($context, $op);
}
- public static function setCharsDefsOfMyExpr(
- &$defsOfExpr,
- $myExpr,
- $arrayChars
- ) {
- $nbChars = [];
-
- foreach ($defsOfExpr as $oneDef) {
- if ($oneDef->getIsEmbeddedByChar("<") >
- $oneDef->getIsEmbeddedByChar(">")) {
- $oneDef->setIsEmbeddedByChar("<", true);
- } else {
- $oneDef->setIsEmbeddedByChar("<", false);
- }
-
- if ((($oneDef->getIsEmbeddedByChar("'") % 2) === 1)
- && $myExpr->getNbChars("'") > $oneDef->getIsEmbeddedByChar("'")) {
- $oneDef->setIsEmbeddedByChar("'", true);
- } else {
- $oneDef->setIsEmbeddedByChar("'", false);
- }
- }
- }
-
- public static function instruction($op, $context, $myExpr, $cast = MyDefinition::CAST_NOT_SAFE)
+ public static function implicitfetch($context, $op, $expr)
{
- $defsOfExpr = [];
- $ret = Expr::instructionInternal($defsOfExpr, $op, $context, $myExpr, $cast);
- Expr::setCharsDefsOfMyExpr($defsOfExpr, $myExpr, ["'", "<", ">"]);
-
- return $ret;
- }
-
- public static function instructionInternal(
- &$defsOfExpr,
- $op,
- $context,
- $myExpr,
- $cast = MyDefinition::CAST_NOT_SAFE,
- $phi = false
- ) {
- $myTempDef = null;
- $arrFuncCall = false;
- $name = Common::getNameDefinition($op);
- $type = Common::getTypeDefinition($op);
- $typeArray = Common::getTypeIsArray($op);
-
- if ($op instanceof Op\Phi) {
- $instTemporarySimple = new MyInstruction(Opcodes::TEMPORARY);
- $instTemporarySimple->addProperty(MyInstruction::PHI, count($op->vars));
-
- $nbvars = 0;
- foreach ($op->vars as $var) {
- $myTemp = Expr::instructionInternal($defsOfExpr, $var, $context, $myExpr, $cast, true);
-
- if (!is_null($myTemp)) {
- $instTemporarySimple->addProperty("temp_".$nbvars, $myTemp);
- $nbvars ++;
- }
- }
-
- $instTemporarySimple->addProperty(MyInstruction::PHI, $nbvars);
- $context->getCurrentMycode()->addCode($instTemporarySimple);
- // end of expression
- } elseif (!is_null($type) && $type !== MyOp::TYPE_FUNCCALL_ARRAY) {
- if (is_null($name)) {
- $name = mt_rand();
- }
-
- $arr = BuildArrays::buildArrayFromOps($op, false);
-
- $column = $context->getCurrentColumn();
- if ($op instanceof Op\Expr\Assign) {
- $column = $op->getAttribute("startFilePos", -1);
- }
-
- $myTemp = new MyDefinition($context->getCurrentLine(), $column, $name);
- if ($type === MyOp::TYPE_CONST || $type === MyOp::TYPE_LITERAL) {
- $myTemp->addLastKnownValue($name);
- }
- $myTemp->setCast($cast);
-
- Expr::setChars($myExpr, $myTemp, $name, ["'", "<", ">"]);
-
- if ($arr != false) {
- $myTemp->addType(MyDefinition::TYPE_ARRAY);
- $myTemp->setArrayValue($arr);
- }
-
- $myTemp->setExpr($myExpr);
- $defsOfExpr[] = $myTemp;
-
- if ($type === MyOp::TYPE_CONST) {
- $myTemp->addType(MyDefinition::TYPE_CONSTANTE);
- }
-
- if ($type === MyOp::TYPE_PROPERTY) {
- $propertyName = "";
- if (isset($op->ops[0])) {
- $propertyName = Common::getNameProperty($op->ops[0]);
- }
-
- $myTemp->addType(MyDefinition::TYPE_PROPERTY);
- $myTemp->property->setProperties($propertyName);
- }
-
- if ($type === MyOp::TYPE_STATIC_PROPERTY) {
- $propertyName = "";
- if (isset($op->ops[0])) {
- $propertyName = Common::getNameProperty($op->ops[0]);
- }
-
- $myTemp->addType(MyDefinition::TYPE_STATIC_PROPERTY);
- $myTemp->property->setProperties($propertyName);
- }
-
- if (!$phi) {
- $instTemporarySimple = new MyInstruction(Opcodes::TEMPORARY);
- $instTemporarySimple->addProperty(MyInstruction::TEMPORARY, $myTemp);
- $context->getCurrentMycode()->addCode($instTemporarySimple);
- }
-
- return $myTemp;
- } elseif ($type === MyOp::TYPE_FUNCCALL_ARRAY) {
- // func()[0][1]
- $arrFuncCall = BuildArrays::buildArrayFromOps($op, false);
- $startOps = BuildArrays::functionStartOps($op);
- $op = $startOps;
- }
-
- if (isset($op->ops)) {
- foreach ($op->ops as $ops) {
- if ($ops instanceof Op\Expr\Cast\Int_
- || $ops instanceof Op\Expr\Cast\Array_
- || $ops instanceof Op\Expr\Cast\Bool_
- || $ops instanceof Op\Expr\Cast\Double_
- || $ops instanceof Op\Expr\Cast\Object_) {
- Expr::instructionInternal(
- $defsOfExpr,
- $ops->expr,
- $context,
- $myExpr,
- MyDefinition::CAST_SAFE,
- $phi
- );
- } elseif ($ops instanceof Op\Expr\Cast\String_) {
- Expr::instructionInternal(
- $defsOfExpr,
- $ops->expr,
- $context,
- $myExpr,
- MyDefinition::CAST_NOT_SAFE,
- $phi
- );
- } elseif ($ops instanceof Op\Expr\BinaryOp\Concat) {
- $myExpr->setIsConcat(true);
-
- $context->getCurrentMycode()->addCode(new MyInstruction(Opcodes::CONCAT_LEFT));
- Expr::instructionInternal($defsOfExpr, $ops->left, $context, $myExpr, $cast, $phi);
-
- $context->getCurrentMycode()->addCode(new MyInstruction(Opcodes::CONCAT_RIGHT));
- Expr::instructionInternal($defsOfExpr, $ops->right, $context, $myExpr, $cast, $phi);
- } elseif ($ops instanceof Op\Expr\ConcatList) {
- $myExpr->setIsConcat(true);
-
- $context->getCurrentMycode()->addCode(new MyInstruction(Opcodes::CONCAT_LIST));
-
- foreach ($ops->list as $opsbis) {
- Expr::instructionInternal($defsOfExpr, $opsbis, $context, $myExpr, $cast, $phi);
- }
- } elseif ($ops instanceof Op\Expr\Include_) {
- $oldOp = $context->getCurrentOp();
- $context->setCurrentOp($ops);
- FuncCall::instruction($context, $myExpr, $arrFuncCall, false, false, $cast);
- $context->setCurrentOp($oldOp);
- } elseif ($ops instanceof Op\Expr\Print_) {
- $oldOp = $context->getCurrentOp();
- $context->setCurrentOp($ops);
- FuncCall::instruction($context, $myExpr, $arrFuncCall, false, false, $cast);
- $context->setCurrentOp($oldOp);
- } elseif ($ops instanceof Op\Terminal\Echo_) {
- $oldOp = $context->getCurrentOp();
- $context->setCurrentOp($ops);
- FuncCall::instruction($context, $myExpr, $arrFuncCall, false, false, $cast);
- $context->setCurrentOp($oldOp);
- } elseif ($ops instanceof Op\Expr\Eval_) {
- $oldOp = $context->getCurrentOp();
- $context->setCurrentOp($ops);
- FuncCall::instruction($context, $myExpr, $arrFuncCall, false, false, $cast);
- $context->setCurrentOp($oldOp);
- } elseif ($ops instanceof Op\Expr\Exit_) {
- $oldOp = $context->getCurrentOp();
- $context->setCurrentOp($ops);
- FuncCall::instruction($context, $myExpr, $arrFuncCall, false, false, $cast);
- $context->setCurrentOp($oldOp);
- } elseif ($ops instanceof Op\Expr\FuncCall || $ops instanceof Op\Expr\NsFuncCall) {
- $oldOp = $context->getCurrentOp();
- $context->setCurrentOp($ops);
- $myTempDef = FuncCall::instruction($context, $myExpr, $arrFuncCall, false, false, $cast);
- $context->setCurrentOp($oldOp);
- } elseif ($ops instanceof Op\Expr\MethodCall) {
- $oldOp = $context->getCurrentOp();
- $context->setCurrentOp($ops);
- $myTempDef = FuncCall::instruction($context, $myExpr, $arrFuncCall, true, false, $cast);
- $context->setCurrentOp($oldOp);
- } elseif ($ops instanceof Op\Expr\StaticCall) {
- $oldOp = $context->getCurrentOp();
- $context->setCurrentOp($ops);
- $myTempDef = FuncCall::instruction($context, $myExpr, $arrFuncCall, false, true, $cast);
- $context->setCurrentOp($oldOp);
- } elseif ($ops instanceof Op\Expr\New_) {
- // funccall for the constructor
- $oldOp = $context->getCurrentOp();
- $context->setCurrentOp($ops);
- $myTempDef = FuncCall::instruction($context, $myExpr, $arrFuncCall, false, false, $cast);
- $context->setCurrentOp($oldOp);
- } else {
- $myTempDef = Expr::instructionInternal($defsOfExpr, $ops, $context, $myExpr, $cast, $phi);
- }
- }
- }
-
- return $myTempDef;
+ VariableFetch::variableFetch($context, $op, $expr);
+ LiteralFetch::literalFetch($context, $op);
}
}
diff --git a/package/src/progpilot/Transformations/Php/Exprs/ArrayFetch.php b/package/src/progpilot/Transformations/Php/Exprs/ArrayFetch.php
new file mode 100644
index 00000000..4277d0a9
--- /dev/null
+++ b/package/src/progpilot/Transformations/Php/Exprs/ArrayFetch.php
@@ -0,0 +1,65 @@
+values) && !empty($op->values)) {
+ $instVariableFetch = new MyInstruction(Opcodes::ARRAY_EXPR);
+ $nbArrayExpr = 0;
+ foreach ($op->values as $value) {
+ if (isset($op->keys[$nbArrayExpr])) {
+ $instVariableFetch->addProperty(
+ "key".$nbArrayExpr,
+ $context->getCurrentFunc()->getOpId($op->keys[$nbArrayExpr])
+ );
+
+ Expr::implicitfetch($context, $op->keys[$nbArrayExpr], "");
+ }
+
+ Expr::implicitfetch($context, $value, "");
+ $instVariableFetch->addProperty(
+ "value".$nbArrayExpr,
+ $context->getCurrentFunc()->getOpId($value)
+ );
+
+ $nbArrayExpr ++;
+ }
+
+
+ $instVariableFetch->addProperty(
+ MyInstruction::RESULTID,
+ $context->getCurrentFunc()->getOpId($op->result)
+ );
+
+ $instVariableFetch->addProperty(
+ "nbkeys",
+ $nbArrayExpr
+ );
+
+ $context->getCurrentMycode()->addCode($instVariableFetch);
+ }
+ }
+ }
+}
diff --git a/package/src/progpilot/Transformations/Php/Exprs/CastFetch.php b/package/src/progpilot/Transformations/Php/Exprs/CastFetch.php
new file mode 100644
index 00000000..dd231e1f
--- /dev/null
+++ b/package/src/progpilot/Transformations/Php/Exprs/CastFetch.php
@@ -0,0 +1,46 @@
+expr, $expr);
+ $instDefChained = new MyInstruction(Opcodes::CAST);
+ $instDefChained->addProperty("type_cast", MyDefinition::CAST_SAFE);
+ $instDefChained->addProperty(MyInstruction::EXPRID, $context->getCurrentFunc()->getOpId($op->expr));
+ $instDefChained->addProperty(MyInstruction::RESULTID, $context->getCurrentFunc()->getOpId($op->result));
+ $context->getCurrentMycode()->addCode($instDefChained);
+ } elseif ($op instanceof Op\Expr\Cast\String_) {
+ Expr::implicitfetch($context, $op->expr, $expr);
+ $instDefChained = new MyInstruction(Opcodes::CAST);
+ $instDefChained->addProperty("type_cast", MyDefinition::CAST_NOT_SAFE);
+ $instDefChained->addProperty(MyInstruction::EXPRID, $context->getCurrentFunc()->getOpId($op->expr));
+ $instDefChained->addProperty(MyInstruction::RESULTID, $context->getCurrentFunc()->getOpId($op->result));
+ $context->getCurrentMycode()->addCode($instDefChained);
+ }
+ }
+ }
+}
diff --git a/package/src/progpilot/Transformations/Php/Exprs/ConcatFetch.php b/package/src/progpilot/Transformations/Php/Exprs/ConcatFetch.php
new file mode 100644
index 00000000..cec2f9b7
--- /dev/null
+++ b/package/src/progpilot/Transformations/Php/Exprs/ConcatFetch.php
@@ -0,0 +1,50 @@
+left, $expr);
+ $instDefChained->addProperty(MyInstruction::LEFTID, $context->getCurrentFunc()->getOpId($op->left));
+ Expr::implicitfetch($context, $op->right, $expr);
+ $opIds = [];
+ $opIds[] = $context->getCurrentFunc()->getOpId($op->right);
+ $instDefChained->addProperty(MyInstruction::RIGHTID, $opIds);
+ $instDefChained->addProperty(MyInstruction::RESULTID, $context->getCurrentFunc()->getOpId($op->result));
+
+ $context->getCurrentMycode()->addCode($instDefChained);
+ } elseif ($op instanceof Op\Expr\ConcatList) {
+ $instDefChained = new MyInstruction(Opcodes::CONCAT_LEFT);
+
+ $opIds = [];
+ foreach ($op->list as $opsbis) {
+ $opIds[] = $context->getCurrentFunc()->getOpId($opsbis);
+ Expr::implicitfetch($context, $opsbis, $expr);
+ }
+ $instDefChained->addProperty(MyInstruction::RIGHTID, $opIds);
+ $instDefChained->addProperty(MyInstruction::RESULTID, $context->getCurrentFunc()->getOpId($op->result));
+ $context->getCurrentMycode()->addCode($instDefChained);
+ }
+ }
+ }
+}
diff --git a/package/src/progpilot/Transformations/Php/Exprs/ConstFetch.php b/package/src/progpilot/Transformations/Php/Exprs/ConstFetch.php
new file mode 100644
index 00000000..bda1c3a6
--- /dev/null
+++ b/package/src/progpilot/Transformations/Php/Exprs/ConstFetch.php
@@ -0,0 +1,48 @@
+name)
+ && $op->name instanceof Operand\Literal) {
+ $myTemp = new MyDefinition(
+ $context->getCurrentBlock()->getId(),
+ $context->getCurrentMyFile(),
+ $context->getCurrentLine(),
+ $context->getCurrentColumn(),
+ $op->name->value
+ );
+ $myTemp->getCurrentState()->addType(MyDefinition::TYPE_CONSTANTE);
+ if ($op->name->value === "DIRECTORY_SEPARATOR") {
+ $myTemp->getCurrentState()->addLastKnownValue("/");
+ } else {
+ $myTemp->getCurrentState()->addLastKnownValue($op->name->value);
+ }
+
+ $instDefChained = new MyInstruction(Opcodes::CONST_FETCH);
+ $instDefChained->addProperty(MyInstruction::DEF, $myTemp);
+ $instDefChained->addProperty(MyInstruction::RESULTID, $context->getCurrentFunc()->getOpId($op->result));
+ $context->getCurrentMycode()->addCode($instDefChained);
+ }
+ }
+}
diff --git a/package/src/progpilot/Transformations/Php/Exprs/DimFetch.php b/package/src/progpilot/Transformations/Php/Exprs/DimFetch.php
new file mode 100644
index 00000000..36285204
--- /dev/null
+++ b/package/src/progpilot/Transformations/Php/Exprs/DimFetch.php
@@ -0,0 +1,67 @@
+dim->value)) {
+ $instDefChained->addProperty(MyInstruction::ARRAY_DIM, $op->dim->value);
+ } else {
+ // null when for pushing elements $arr[] = $ele;
+ $instDefChained->addProperty(MyInstruction::ARRAY_DIM, 0);
+ }
+
+ if (isset($op->result)) {
+ $instDefChained->addProperty(
+ MyInstruction::RESULTID,
+ $context->getCurrentFunc()->getOpId($op->result)
+ );
+ }
+
+ if (isset($op->var)) {
+ $instDefChained->addProperty(
+ MyInstruction::VARID,
+ $context->getCurrentFunc()->getOpId($op->var)
+ );
+ }
+
+ // beginning of the chain
+ if (isset($op->var->original)) {
+ $originalDef = new MyDefinition(
+ $context->getCurrentBlock()->getId(),
+ $context->getCurrentMyFile(),
+ $context->getCurrentLine(),
+ $context->getCurrentColumn(),
+ $op->var->original->name->value
+ );
+
+ $instDefChained->addProperty(MyInstruction::ORIGINAL_DEF, $originalDef);
+
+ if ($originalDef->getName() === "GLOBALS") {
+ $context->getCurrentFunc()->setHasGlobalVariables(true);
+ }
+ }
+
+ $context->getCurrentMycode()->addCode($instDefChained);
+ }
+ }
+}
diff --git a/package/src/progpilot/Transformations/Php/Exprs/FunccallFetch.php b/package/src/progpilot/Transformations/Php/Exprs/FunccallFetch.php
new file mode 100644
index 00000000..4ac201c4
--- /dev/null
+++ b/package/src/progpilot/Transformations/Php/Exprs/FunccallFetch.php
@@ -0,0 +1,43 @@
+getCurrentOp();
+ $context->setCurrentOp($op);
+ FuncCall::instruction($context);
+ $context->setCurrentOp($oldOp);
+ }
+ }
+}
diff --git a/package/src/progpilot/Transformations/Php/Exprs/LiteralFetch.php b/package/src/progpilot/Transformations/Php/Exprs/LiteralFetch.php
new file mode 100644
index 00000000..e2d22025
--- /dev/null
+++ b/package/src/progpilot/Transformations/Php/Exprs/LiteralFetch.php
@@ -0,0 +1,43 @@
+getCurrentBlock()->getId(),
+ $context->getCurrentMyFile(),
+ $context->getCurrentLine(),
+ $context->getCurrentColumn(),
+ "literal"
+ );
+
+ $myTemp->getCurrentState()->addType(MyDefinition::TYPE_LITERAL);
+ $myTemp->getCurrentState()->addLastKnownValue($op->value);
+
+ $instDefChained = new MyInstruction(Opcodes::LITERAL_FETCH);
+ $instDefChained->addProperty(MyInstruction::DEF, $myTemp);
+ $instDefChained->addProperty(MyInstruction::RESULTID, $context->getCurrentFunc()->getOpId($op));
+ $context->getCurrentMycode()->addCode($instDefChained);
+ }
+ }
+}
diff --git a/package/src/progpilot/Transformations/Php/Exprs/PropertyFetch.php b/package/src/progpilot/Transformations/Php/Exprs/PropertyFetch.php
new file mode 100644
index 00000000..815284bd
--- /dev/null
+++ b/package/src/progpilot/Transformations/Php/Exprs/PropertyFetch.php
@@ -0,0 +1,71 @@
+name->value)) {
+ $instDefChained = new MyInstruction(Opcodes::PROPERTY_FETCH);
+ $instDefChained->addProperty(MyInstruction::PROPERTY_NAME, $op->name->value);
+
+ // beginning of the chain
+ if (isset($op->var->original)) {
+ $originalDef = new MyDefinition(
+ $context->getCurrentBlock()->getId(),
+ $context->getCurrentMyFile(),
+ $context->getCurrentLine(),
+ $context->getCurrentColumn(),
+ $op->var->original->name->value
+ );
+ $originalDef->addType(MyDefinition::TYPE_PROPERTY);
+
+ $instDefChained->addProperty(MyInstruction::ORIGINAL_DEF, $originalDef);
+ }
+
+ if (isset($op->var) && $op->var instanceof Operand\BoundVariable) {
+ $originalDef = new MyDefinition(
+ $context->getCurrentBlock()->getId(),
+ $context->getCurrentMyFile(),
+ $context->getCurrentLine(),
+ $context->getCurrentColumn(),
+ "this"
+ );
+ $instDefChained->addProperty(MyInstruction::ORIGINAL_DEF, $originalDef);
+ }
+
+ if (isset($op->result)) {
+ $instDefChained->addProperty(
+ MyInstruction::RESULTID,
+ $context->getCurrentFunc()->getOpId($op->result)
+ );
+ }
+ if (isset($op->var)) {
+ $instDefChained->addProperty(
+ MyInstruction::VARID,
+ $context->getCurrentFunc()->getOpId($op->var)
+ );
+ }
+
+ $context->getCurrentMycode()->addCode($instDefChained);
+ }
+ }
+}
diff --git a/package/src/progpilot/Transformations/Php/Exprs/StaticPropertyFetch.php b/package/src/progpilot/Transformations/Php/Exprs/StaticPropertyFetch.php
new file mode 100644
index 00000000..ac64aa9a
--- /dev/null
+++ b/package/src/progpilot/Transformations/Php/Exprs/StaticPropertyFetch.php
@@ -0,0 +1,70 @@
+addProperty(MyInstruction::PROPERTY_NAME, $op->name->value);
+
+ // static property
+ if (isset($op->class->value)) {
+ $originalDef = new MyDefinition(
+ $context->getCurrentBlock()->getId(),
+ $context->getCurrentMyFile(),
+ $context->getCurrentLine(),
+ $context->getCurrentColumn(),
+ $op->class->value
+ );
+ $originalDef->addType(MyDefinition::TYPE_STATIC_PROPERTY);
+
+ $instDefChained->addProperty(MyInstruction::ORIGINAL_DEF, $originalDef);
+ }
+
+ if (isset($op->var) && $op->var instanceof Operand\BoundVariable) {
+ $originalDef = new MyDefinition(
+ $context->getCurrentBlock()->getId(),
+ $context->getCurrentMyFile(),
+ $context->getCurrentLine(),
+ $context->getCurrentColumn(),
+ "this"
+ );
+ $instDefChained->addProperty(MyInstruction::ORIGINAL_DEF, $originalDef);
+ }
+
+ if (isset($op->result)) {
+ $instDefChained->addProperty(
+ MyInstruction::RESULTID,
+ $context->getCurrentFunc()->getOpId($op->result)
+ );
+ }
+ if (isset($op->var)) {
+ $instDefChained->addProperty(
+ MyInstruction::VARID,
+ $context->getCurrentFunc()->getOpId($op->var)
+ );
+ }
+
+ $context->getCurrentMycode()->addCode($instDefChained);
+ }
+ }
+}
diff --git a/package/src/progpilot/Transformations/Php/Exprs/VariableFetch.php b/package/src/progpilot/Transformations/Php/Exprs/VariableFetch.php
new file mode 100644
index 00000000..7ec92522
--- /dev/null
+++ b/package/src/progpilot/Transformations/Php/Exprs/VariableFetch.php
@@ -0,0 +1,47 @@
+original) && $op->original instanceof Operand\Variable
+ && isset($op->original->name) && $op->original->name instanceof Operand\Literal) {
+ $myTemp = new MyDefinition(
+ $context->getCurrentBlock()->getId(),
+ $context->getCurrentMyFile(),
+ $context->getCurrentLine(),
+ $context->getCurrentColumn(),
+ $op->original->name->value
+ );
+
+ $instVariableFetch = new MyInstruction(Opcodes::VARIABLE_FETCH);
+
+ $property = is_null($expr) ? MyInstruction::VARID : MyInstruction::EXPRID;
+
+ $instVariableFetch->addProperty(
+ $property,
+ $context->getCurrentFunc()->getOpId($op)
+ );
+
+ $instVariableFetch->addProperty(MyInstruction::DEF, $myTemp);
+ $context->getCurrentMycode()->addCode($instVariableFetch);
+ }
+ }
+}
diff --git a/package/src/progpilot/Transformations/Php/FuncCall.php b/package/src/progpilot/Transformations/Php/FuncCall.php
index ef2bcc16..1a570a1c 100644
--- a/package/src/progpilot/Transformations/Php/FuncCall.php
+++ b/package/src/progpilot/Transformations/Php/FuncCall.php
@@ -15,19 +15,28 @@
use progpilot\Objects\MyFunction;
use progpilot\Objects\MyDefinition;
-use progpilot\Objects\MyExpr;
use progpilot\Objects\MyOp;
use progpilot\Code\MyInstruction;
use progpilot\Code\Opcodes;
use progpilot\Transformations\Php\Transform;
use progpilot\Transformations\Php\Expr;
+use progpilot\Transformations\Php\Exprs\PropertyFetch;
+use progpilot\Transformations\Php\Exprs\DimFetch;
+use progpilot\Transformations\Php\Exprs\VariableFetch;
class FuncCall
{
public static function argument($context, $arg, $instFuncCallMain, $funcCallName, $numParam)
{
- // each argument will be a definition defined by an expression
+ Expr::implicitfetch($context, $arg, null);
+
+ $instVariable = $context->getCurrentMycode()->getLastCode();
+ if ($instVariable->getOpcode() === Opcodes::VARIABLE_FETCH) {
+ $defArg = $instVariable->getProperty(MyInstruction::DEF);
+ $instFuncCallMain->addProperty("argoriginaldef$numParam", $defArg);
+ }
+
$defName =
$funcCallName.
"_param".
@@ -37,92 +46,54 @@ public static function argument($context, $arg, $instFuncCallMain, $funcCallName
"_column".
$context->getCurrentColumn().
"_progpilot";
- $typeArray = Common::getTypeIsArray($arg);
-
- $myDef = new MyDefinition($context->getCurrentLine(), $context->getCurrentColumn(), $defName);
-
- $context->getCurrentMycode()->addCode(new MyInstruction(Opcodes::START_ASSIGN));
- $context->getCurrentMycode()->addCode(new MyInstruction(Opcodes::START_EXPRESSION));
-
- $myExprparam = new MyExpr($context->getCurrentLine(), $context->getCurrentColumn());
- $myExprparam->setAssign(true);
- $myExprparam->setAssignDef($myDef);
-
- $instFuncCallMain->addProperty("argdef$numParam", $myDef);
- $instFuncCallMain->addProperty("argexpr$numParam", $myExprparam);
- // if we have funccall($arg, array("test"=>false)); for example
- if ($typeArray === MyOp::TYPE_ARRAY_EXPR) {
- ArrayExpr::instruction($arg, $context, false, $defName, false);
+ $myDef = new MyDefinition(
+ $context->getCurrentBlock()->getId(),
+ $context->getCurrentMyFile(),
+ $context->getCurrentLine(),
+ $context->getCurrentColumn(),
+ $defName
+ );
- $myTemp = new MyDefinition($context->getCurrentLine(), $context->getCurrentColumn(), $defName);
- //$myTemp->addLastKnownValue($defName);
- $myTemp->setExpr($myExprparam);
- $instTemporarySimple = new MyInstruction(Opcodes::TEMPORARY);
- $instTemporarySimple->addProperty(MyInstruction::TEMPORARY, $myTemp);
- $context->getCurrentMycode()->addCode($instTemporarySimple);
- } else {
- $myTemp = Expr::instruction($arg, $context, $myExprparam);
-
- if (!is_null($myTemp)) {
- $myDef->setValueFromDef($myTemp);
- }
- }
+ $instArg = new MyInstruction(Opcodes::ARGUMENT);
+ $instArg->addProperty(MyInstruction::VARID, $context->getCurrentFunc()->getOpId($arg));
+ $context->getCurrentMycode()->addCode($instArg);
- $instEndExpr = new MyInstruction(Opcodes::END_EXPRESSION);
- $instEndExpr->addProperty(MyInstruction::EXPR, $myExprparam);
- $context->getCurrentMycode()->addCode($instEndExpr);
+ $instArg->addProperty("argdef$numParam", $myDef);
+ $instArg->addProperty("idparam", $numParam);
- $context->getCurrentMycode()->addCode(new MyInstruction(Opcodes::END_ASSIGN));
-
- $instDef = new MyInstruction(Opcodes::DEFINITION);
- $instDef->addProperty(MyInstruction::DEF, $myDef);
- $context->getCurrentMycode()->addCode($instDef);
-
- unset($myExprparam);
- unset($myDef);
+ $instFuncCallMain->addProperty("argdef$numParam", $myDef);
}
/*
arg2 : expr for the return
arg3 : arr for the return : function_call()[0] (arr = [0])
*/
- public static function instruction(
- $context,
- $myExpr,
- $funcCallArr,
- $isMethod = false,
- $isStatic = false,
- $cast = MyDefinition::CAST_NOT_SAFE
- ) {
- $mybackdef = null;
+ public static function instruction($context)
+ {
+ $isMethod = false;
$nbparams = 0;
- $propertyName = "";
$className = "";
// instance_name = new obj; instance_name->method_name()
- if ($isMethod) {
+
+ if ($context->getCurrentOp() instanceof Op\Expr\MethodCall) {
+ $isMethod = true;
$instanceName = Common::getNameDefinition($context->getCurrentOp()->var);
- if (isset($context->getCurrentOp()->var->ops[0])) {
- $propertyName = Common::getNameProperty($context->getCurrentOp()->var->ops[0]);
- }
}
$funcCallName = "";
if ($context->getCurrentOp() instanceof Op\Expr\New_) {
$funcCallName = "__construct";
- // we have the class name
if (isset($context->getCurrentOp()->class->value)) {
$className = $context->getCurrentOp()->class->value;
}
- $isMethod = true;
-
- $instanceName = Common::getNameDefinition($context->getCurrentOp()->result->usages[0]);
- if (isset($context->getCurrentOp()->result->usages[0]->var->ops[0])) {
- $propertyName = Common::getNameProperty($context->getCurrentOp()->result->usages[0]->var->ops[0]);
+ if (isset($context->getCurrentOp()->result->usages[0])) {
+ $isMethod = true;
+ $instanceName = Common::getNameDefinition($context->getCurrentOp()->result->usages[0]);
}
} elseif (isset($context->getCurrentOp()->nsName->value)) {
$funcCallName = $context->getCurrentOp()->nsName->value;
@@ -131,7 +102,7 @@ public static function instruction(
}
if ($funcCallName === "define") {
- Assign::instruction($context, false, true);
+ Assign::instruction($context, $context->getCurrentOp(), null, null, false, true);
}
if ($context->getCurrentOp() instanceof Op\Expr\Include_) {
@@ -142,20 +113,39 @@ public static function instruction(
$funcCallName = "echo";
} elseif ($context->getCurrentOp() instanceof Op\Expr\Eval_) {
$funcCallName = "eval";
- } elseif ($context->getCurrentOp() instanceof Op\Expr\Exit_) {
+ } elseif ($context->getCurrentOp() instanceof Op\Expr\Exit_
+ || $context->getCurrentOp() instanceof Op\Terminal\Exit_) {
$funcCallName = "exit";
}
$instFuncCallMain = new MyInstruction(Opcodes::FUNC_CALL);
+
+ if (isset($context->getCurrentOp()->result)) {
+ $instFuncCallMain->addProperty(
+ MyInstruction::RESULTID,
+ $context->getCurrentFunc()->getOpId($context->getCurrentOp()->result)
+ );
+ }
+ if (isset($context->getCurrentOp()->var)) {
+ $instFuncCallMain->addProperty(
+ MyInstruction::VARID,
+ $context->getCurrentFunc()->getOpId($context->getCurrentOp()->var)
+ );
+ } elseif (isset($context->getCurrentOp()->class)) {
+ $instFuncCallMain->addProperty(
+ MyInstruction::VARID,
+ $context->getCurrentFunc()->getOpId($context->getCurrentOp()->class)
+ );
+ }
$instFuncCallMain->addProperty(MyInstruction::FUNCNAME, $funcCallName);
$myFunctionCall = new MyFunction($funcCallName);
- $myFunctionCall->setCastReturn($cast);
$myFunctionCall->setLine($context->getCurrentLine());
$myFunctionCall->setColumn($context->getCurrentColumn());
+ $myFunctionCall->setInstanceClassName($className);
-
- if ($isStatic && isset($context->getCurrentOp()->class->value)) {
+ if ($context->getCurrentOp() instanceof Op\Expr\StaticCall &&
+ isset($context->getCurrentOp()->class->value)) {
$nameClass = $context->getCurrentOp()->class->value;
$myFunctionCall->addType(MyFunction::TYPE_FUNC_STATIC);
$myFunctionCall->setNameInstance($nameClass);
@@ -164,17 +154,6 @@ public static function instruction(
if ($isMethod) {
$myFunctionCall->addType(MyFunction::TYPE_FUNC_METHOD);
$myFunctionCall->setNameInstance($instanceName);
-
- $mybackdef = new MyDefinition($context->getCurrentLine(), $context->getCurrentColumn(), $instanceName);
- $mybackdef->addType(MyDefinition::TYPE_INSTANCE);
- $mybackdef->setClassName($className);
-
- if ($propertyName !== "" && count($propertyName) > 0) {
- $mybackdef->addType(MyDefinition::TYPE_PROPERTY);
- $mybackdef->property->setProperties($propertyName);
- }
-
- $myFunctionCall->setBackDef($mybackdef);
}
$listArgs = [];
@@ -183,8 +162,11 @@ public static function instruction(
|| $context->getCurrentOp() instanceof Op\Expr\Print_
|| $context->getCurrentOp() instanceof Op\Terminal\Echo_
|| $context->getCurrentOp() instanceof Op\Expr\Eval_
- || $context->getCurrentOp() instanceof Op\Expr\Exit_) {
- $listArgs[] = $context->getCurrentOp()->expr;
+ || $context->getCurrentOp() instanceof Op\Expr\Exit_
+ || $context->getCurrentOp() instanceof Op\Terminal\Exit_) {
+ if (isset($context->getCurrentOp()->expr)) {
+ $listArgs[] = $context->getCurrentOp()->expr;
+ }
if ($context->getCurrentOp() instanceof Op\Expr\Include_) {
$instFuncCallMain->addProperty(MyInstruction::TYPE_INCLUDE, $context->getCurrentOp()->type);
@@ -200,10 +182,6 @@ public static function instruction(
$myFunctionCall->setNbParams($nbparams);
$instFuncCallMain->addProperty(MyInstruction::MYFUNC_CALL, $myFunctionCall);
- $instFuncCallMain->addProperty(MyInstruction::EXPR, $myExpr);
- $instFuncCallMain->addProperty(MyInstruction::ARR, $funcCallArr);
$context->getCurrentMycode()->addCode($instFuncCallMain);
-
- return $mybackdef;
}
}
diff --git a/package/src/progpilot/Transformations/Php/Transform.php b/package/src/progpilot/Transformations/Php/Transform.php
index 2d8b30a3..8e52a55a 100644
--- a/package/src/progpilot/Transformations/Php/Transform.php
+++ b/package/src/progpilot/Transformations/Php/Transform.php
@@ -15,12 +15,12 @@
use PHPCfg\Op;
use PHPCfg\Script;
use PHPCfg\Visitor;
-use PHPCfg\Printer;
+use PHPCfg\Operand;
use progpilot\Objects\MyFunction;
use progpilot\Objects\MyBlock;
use progpilot\Objects\MyDefinition;
-use progpilot\Objects\MyExpr;
+use progpilot\Objects\MyProperty;
use progpilot\Objects\MyClass;
use progpilot\Objects\MyOp;
use progpilot\Objects\MyFile;
@@ -28,23 +28,37 @@
use progpilot\Code\MyInstruction;
use progpilot\Code\Opcodes;
-use progpilot\Transformations\Php\FuncCall;
use progpilot\Transformations\Php\Expr;
use progpilot\Transformations\Php\Assign;
use progpilot\Transformations\Php\Common;
use progpilot\Transformations\Php\Context;
+use function DeepCopy\deep_copy;
+
class Transform implements Visitor
{
+ private $blocksStack;
private $sBlocks;
private $context;
private $blockIfToBeResolved;
private $insideInclude;
+ private $varIds;
+
+ protected function getVarId(Operand $var)
+ {
+ if (isset($this->varIds[$var])) {
+ return $this->varIds[$var];
+ }
+
+ return $this->varIds[$var] = $this->varIds->count() + 1;
+ }
public function __construct()
{
+ $this->varIds = new \SplObjectStorage;
$this->sBlocks = new \SplObjectStorage;
$this->blockIfToBeResolved = [];
+ $this->blocksStack = [];
}
public function setContext($context)
@@ -57,32 +71,76 @@ public function enterScript(Script $script)
$this->context->outputs->currentIncludesFile = [];
}
- public function leaveScript(Script $script)
+ public function checkIsALoop($block, $blockToLook)
{
- // creating edges for myblocks structure as block structure
- foreach ($this->sBlocks as $block) {
- $myBlock = $this->sBlocks[$block];
- foreach ($block->parents as $block_parent) {
- if ($this->sBlocks->contains($block_parent)) {
- $myBlockParent = $this->sBlocks[$block_parent];
- $myBlock->addParent($myBlockParent);
+ $allBlocks = [];
+ $allBlocks[] = $block;
+ $parentsBlocks = [];
+ $parentsBlocks[] = $block;
+ $myBlockIf = $this->sBlocks[$blockToLook];
+
+ while (!empty($parentsBlocks)) {
+ $blockP = array_pop($parentsBlocks);
+ if ($this->sBlocks->contains($blockP)) {
+ $myBlockP = $this->sBlocks[$blockP];
+ foreach ($blockP->parents as $block_parent) {
+ if ($block_parent !== $blockP) {
+ if ($block_parent === $blockToLook) {
+ $myBlockP->addLoopParent($myBlockIf);
+ return true;
+ }
+
+ if (!in_array($block_parent, $parentsBlocks, true)
+ && !in_array($block_parent, $allBlocks, true)) {
+ $parentsBlocks[] = $block_parent;
+ $allBlocks[] = $block_parent;
+ }
+ }
}
}
}
+ return false;
+ }
+
+ public function leaveScript(Script $script)
+ {
foreach ($this->blockIfToBeResolved as $blockResolved) {
$instructionIf = $blockResolved[0];
- $blockIf = $blockResolved[1];
- $blockElse = $blockResolved[2];
+ $blockInit = $blockResolved[1];
+ $blockIf = $blockResolved[2];
+ $blockElse = $blockResolved[3];
- if ($this->sBlocks->contains($blockIf) && $this->sBlocks->contains($blockElse)) {
+ if ($this->sBlocks->contains($blockIf)
+ && $this->sBlocks->contains($blockElse)
+ && $this->sBlocks->contains($blockInit)) {
$myBlockIf = $this->sBlocks[$blockIf];
$myBlockElse = $this->sBlocks[$blockElse];
+ $myBlockInit = $this->sBlocks[$blockInit];
+
+ if ($this->checkIsALoop($blockInit, $blockIf)) {
+ $myBlockElse->addParent($myBlockIf);
+ $myBlockElse->addVirtualParent($myBlockIf);
+ }
$instructionIf->addProperty(MyInstruction::MYBLOCK_IF, $myBlockIf);
$instructionIf->addProperty(MyInstruction::MYBLOCK_ELSE, $myBlockElse);
}
}
+
+ // creating edges for myblocks structure as block structure
+ foreach ($this->sBlocks as $block) {
+ $myBlock = $this->sBlocks[$block];
+ foreach ($block->parents as $block_parent) {
+ if ($this->sBlocks->contains($block_parent)) {
+ $myBlockParent = $this->sBlocks[$block_parent];
+ $myBlock->addParent($myBlockParent);
+ $myBlock->addVirtualParent($myBlockParent);
+
+ $myBlockParent->addChild($myBlock);
+ }
+ }
+ }
// extends class
foreach ($this->context->getClasses()->getListClasses() as $myClass) {
@@ -90,7 +148,9 @@ public function leaveScript(Script $script)
$myClassFather = $this->context->getClasses()->getMyClass($myClass->getExtendsOf());
if (!is_null($myClassFather)) {
foreach ($myClassFather->getMethods() as $methodFather) {
- $myClass->addMethod(clone $methodFather);
+ $cloneMethodFather = $methodFather;
+
+ $myClass->addMethod($cloneMethodFather);
$methodFather->setMyClass($myClass);
}
@@ -100,20 +160,17 @@ public function leaveScript(Script $script)
}
}
}
-
- /*
- $printer = new Printer\Text();
- var_dump($printer->printScript($script));
- */
}
public function enterBlock(Block $block, Block $prior = null)
{
$this->insideInclude = false;
if (!($this->context->getCurrentOp() instanceof Op\Expr\Include_)) {
- $myBlock = new MyBlock;
+ $myBlock = new MyBlock($this->context->getCurrentLine(), $this->context->getCurrentColumn());
$myBlock->setStartAddressBlock(count($this->context->getCurrentMycode()->getCodes()));
- $this->context->setCurrentBlock($block);
+ $this->context->setCurrentBlock($myBlock);
+
+ array_push($this->blocksStack, $myBlock);
$this->sBlocks[$block] = $myBlock;
@@ -124,7 +181,13 @@ public function enterBlock(Block $block, Block $prior = null)
// block is for himself a parent block (handle dataflow for first block)
$block->addParent($block);
- $myBlock->setId(rand());
+ // params are part of the first block
+ foreach ($this->context->getCurrentFunc()->getParams() as $param) {
+ $instDef = new MyInstruction(Opcodes::DEFINITION);
+ $instDef->addProperty(MyInstruction::DEF, $param);
+ $this->context->getCurrentMycode()->addCode($instDef);
+ }
+ // end
} else {
$this->insideInclude = true;
}
@@ -150,15 +213,18 @@ public function leaveBlock(Block $block, Block $prior = null)
$instBlock = new MyInstruction(Opcodes::LEAVE_BLOCK);
$instBlock->addProperty(MyInstruction::MYBLOCK, $myBlock);
$this->context->getCurrentMycode()->addCode($instBlock);
+
+ array_pop($this->blocksStack);
+
+ if (!empty($this->blocksStack)) {
+ $this->context->setCurrentBlock($this->blocksStack[count($this->blocksStack) - 1]);
+ }
}
}
}
public function enterFunc(Func $func)
{
- // blocks are set back to zero when entering new function
- $this->context->setCurrentBlock(null);
-
$myFunction = new MyFunction($func->name);
$this->context->setCurrentMycode($myFunction->getMyCode());
@@ -182,9 +248,17 @@ public function enterFunc(Func $func)
$myFunction->addType(MyFunction::TYPE_FUNC_STATIC);
}
- $mythisdef = new MyDefinition(0, 0, "this");
- $mythisdef->setBlockId(0);
+ $mythisdef = new MyDefinition(
+ 0,
+ $this->context->getCurrentMyFile(),
+ 0,
+ 0,
+ "this"
+ );
+
$mythisdef->addType(MyDefinition::TYPE_INSTANCE);
+ $mythisdef->getCurrentState()->addType(MyDefinition::TYPE_INSTANCE);
+
$myFunction->setThisDef($mythisdef);
}
}
@@ -193,23 +267,21 @@ public function enterFunc(Func $func)
$paramName = $param->name->value;
$byref = $param->byRef;
- $myDef = new MyDefinition($param->getLine(), $param->getAttribute("startFilePos", -1), $paramName);
+ $myDef = new MyDefinition(
+ 0,
+ $this->context->getCurrentMyFile(),
+ $param->getLine(),
+ $param->getAttribute("startFilePos", -1),
+ $paramName
+ );
if ($byref) {
$myDef->addType(MyDefinition::TYPE_REFERENCE);
}
$myFunction->addParam($myDef);
-
- $instDef = new MyInstruction(Opcodes::DEFINITION);
- $instDef->addProperty(MyInstruction::DEF, $myDef);
- $this->context->getCurrentMycode()->addCode($instDef);
-
- unset($myDef);
}
- // because when we call (funccall) a function by name, it can be undefined
- $this->context->getFunctions()->addFunction($myFunction->getName(), $myFunction);
$this->context->setCurrentFunc($myFunction);
}
@@ -221,7 +293,8 @@ public function leaveFunc(Func $func)
// we can have a block opened and we need to leave it
if ($inst->getOpcode() !== Opcodes::LEAVE_BLOCK) {
- if (!is_null($this->context->getCurrentBlock())) {
+ if (!is_null($this->context->getCurrentBlock())
+ && $this->sBlocks->contains($this->context->getCurrentBlock())) {
$myBlock = $this->sBlocks[$this->context->getCurrentBlock()];
$myBlock->setEndAddressBlock(count($this->context->getCurrentMycode()->getCodes()));
@@ -231,42 +304,25 @@ public function leaveFunc(Func $func)
}
}
- $className = null;
- if (!is_null($func->class)) {
- $className = $func->class->value;
- }
-
- $myFunction = $this->context->getFunctions()->getFunction($func->name, $className);
-
- if (!is_null($myFunction)) {
- $myFunction->setLastLine($this->context->getCurrentLine());
- $myFunction->setLastColumn($this->context->getCurrentColumn());
- $myFunction->setLastBlockId(-1);
+ $myFunction = $this->context->getCurrentFunc();
+
+ $myFunction->setLastLine($this->context->getCurrentLine());
+ $myFunction->setLastColumn($this->context->getCurrentColumn());
- $instFunc = new MyInstruction(Opcodes::LEAVE_FUNCTION);
- $instFunc->addProperty(MyInstruction::MYFUNC, $myFunction);
- $this->context->getCurrentMycode()->addCode($instFunc);
- }
- }
+ $instFunc = new MyInstruction(Opcodes::LEAVE_FUNCTION);
+ $instFunc->addProperty(MyInstruction::MYFUNC, $myFunction);
+ $this->context->getCurrentMycode()->addCode($instFunc);
- public function parseconditions($instStartIf, $cond)
- {
- foreach ($cond as $ops) {
- if ($ops instanceof Op\Expr\BooleanNot) {
- $instStartIf->addProperty(MyInstruction::NOT_BOOLEAN, true);
- $this->parseconditions($instStartIf, $ops->expr->ops);
- }
- }
+ $this->context->addTmpFunctions($myFunction);
}
public function enterOp(Op $op, Block $block)
{
$this->context->setCurrentOp($op);
- $this->context->setCurrentBlock($block);
// for theses objects getline et getcolumn methods exists except for assertion
if ($op instanceof Op\Stmt ||
- ($op instanceof Op\Expr && !($op instanceof Op\Expr\Assertion)) ||
+ ($op instanceof Op\Expr && !($op instanceof Op\Expr\Assertion)) ||
$op instanceof Op\Terminal) {
if ($op->getLine() !== -1 && $op->getAttribute("startFilePos", -1) !== -1) {
$this->context->setCurrentLine($op->getLine());
@@ -274,143 +330,67 @@ public function enterOp(Op $op, Block $block)
}
}
- if ($op instanceof Op\Stmt\JumpIf) {
+ if ($op instanceof Op\Expr\BinaryOp
+ && !($op instanceof Op\Expr\BinaryOp\Concat)) {
+ $instBinary = new MyInstruction(Opcodes::BINARYOP);
+ $instBinary->addProperty(MyInstruction::LEFTID, $this->context->getCurrentFunc()->getOpId($op->left));
+ $instBinary->addProperty(MyInstruction::RIGHTID, $this->context->getCurrentFunc()->getOpId($op->right));
+ $instBinary->addProperty(MyInstruction::RESULTID, $this->context->getCurrentFunc()->getOpId($op->result));
+ $this->context->getCurrentMycode()->addCode($instBinary);
+ } elseif ($op instanceof Op\Expr\BooleanNot) {
+ $instNotBoolean = new MyInstruction(Opcodes::COND_BOOLEAN_NOT);
+ $instNotBoolean->addProperty(MyInstruction::EXPRID, $this->context->getCurrentFunc()->getOpId($op->expr));
+ $instNotBoolean->addProperty(
+ MyInstruction::RESULTID,
+ $this->context->getCurrentFunc()->getOpId($op->result)
+ );
+ $this->context->getCurrentMycode()->addCode($instNotBoolean);
+ } elseif ($op instanceof Op\Stmt\JumpIf) {
$instStartIf = new MyInstruction(Opcodes::COND_START_IF);
+ $instStartIf->addProperty(MyInstruction::EXPRID, $this->context->getCurrentFunc()->getOpId($op->cond));
$this->context->getCurrentMycode()->addCode($instStartIf);
- $this->blockIfToBeResolved[] = [$instStartIf, $op->if, $op->else];
-
- $myblock = $this->sBlocks[$block];
- $myblock->setIsLoop(true);
-
- $this->parseconditions($instStartIf, $op->cond->ops);
- }
- /*
- const TYPE_INCLUDE = 1;
- const TYPE_INCLUDE_OPNCE = 2;
- const TYPE_REQUIRE = 3;
- const TYPE_REQUIRE_ONCE = 4;
- */
-
- if ($op instanceof Op\Expr\Include_) {
- if (Common::isFuncCallWithoutReturn($op)) {
- // expr of type "assign" to have a defined return
- $myExpr = new MyExpr($this->context->getCurrentLine(), $this->context->getCurrentColumn());
- $this->context->getCurrentMycode()->addCode(new MyInstruction(Opcodes::START_EXPRESSION));
-
- FuncCall::instruction($this->context, $myExpr, false);
-
- $instEndExpr = new MyInstruction(Opcodes::END_EXPRESSION);
- $instEndExpr->addProperty(MyInstruction::EXPR, $myExpr);
- $this->context->getCurrentMycode()->addCode($instEndExpr);
- }
+ $this->blockIfToBeResolved[] = [$instStartIf, $block, $op->if, $op->else];
+ } elseif ($op instanceof Op\Iterator\Value) {
+ $instIterator = new MyInstruction(Opcodes::ITERATOR);
+ Expr::implicitfetch($this->context, $op->var, null);
+ $instIterator->addProperty(MyInstruction::VARID, $this->context->getCurrentFunc()->getOpId($op->var));
+ $instIterator->addProperty(MyInstruction::RESULTID, $this->context->getCurrentFunc()->getOpId($op->result));
+ $this->context->getCurrentMycode()->addCode($instIterator);
} elseif ($op instanceof Op\Terminal\GlobalVar) {
- $nameGlobal = Common::getNameDefinition($this->context->getCurrentOp()->var);
-
$myDefGlobal = new MyDefinition(
+ $this->context->getCurrentBlock()->getId(),
+ $this->context->getCurrentMyFile(),
$this->context->getCurrentLine(),
$this->context->getCurrentColumn(),
- $nameGlobal
+ $op->var->value
);
$myDefGlobal->setType(MyDefinition::TYPE_GLOBAL);
$instDef = new MyInstruction(Opcodes::DEFINITION);
$instDef->addProperty(MyInstruction::DEF, $myDefGlobal);
$this->context->getCurrentMycode()->addCode($instDef);
- } elseif ($op instanceof Op\Terminal\Return_) {
- Assign::instruction($this->context, true);
-
- $inst = new MyInstruction(Opcodes::RETURN_FUNCTION);
- $inst->addProperty(MyInstruction::RETURN_DEFS, $this->context->getCurrentFunc()->getReturnDefs());
- $this->context->getCurrentMycode()->addCode($inst);
- } elseif ($op instanceof Op\Expr\Eval_) {
- if (Common::isFuncCallWithoutReturn($op)) {
- // expr of type "assign" to have a defined return
- $myExpr = new MyExpr($this->context->getCurrentLine(), $this->context->getCurrentColumn());
- $this->context->getCurrentMycode()->addCode(new MyInstruction(Opcodes::START_EXPRESSION));
-
- FuncCall::instruction($this->context, $myExpr, false);
-
- $instEndExpr = new MyInstruction(Opcodes::END_EXPRESSION);
- $instEndExpr->addProperty(MyInstruction::EXPR, $myExpr);
- $this->context->getCurrentMycode()->addCode($instEndExpr);
- }
- } elseif ($op instanceof Op\Terminal\Echo_) {
- if (Common::isFuncCallWithoutReturn($op)) {
- // expr of type "assign" to have a defined return
- $myExpr = new MyExpr($this->context->getCurrentLine(), $this->context->getCurrentColumn());
- $this->context->getCurrentMycode()->addCode(new MyInstruction(Opcodes::START_EXPRESSION));
-
- FuncCall::instruction($this->context, $myExpr, false);
-
- $instEndExpr = new MyInstruction(Opcodes::END_EXPRESSION);
- $instEndExpr->addProperty(MyInstruction::EXPR, $myExpr);
- $this->context->getCurrentMycode()->addCode($instEndExpr);
- }
- } elseif ($op instanceof Op\Expr\Print_) {
- if (Common::isFuncCallWithoutReturn($op)) {
- // expr of type "assign" to have a defined return
- $myExpr = new MyExpr($this->context->getCurrentLine(), $this->context->getCurrentColumn());
- $this->context->getCurrentMycode()->addCode(new MyInstruction(Opcodes::START_EXPRESSION));
-
- FuncCall::instruction($this->context, $myExpr, false);
-
- $instEndExpr = new MyInstruction(Opcodes::END_EXPRESSION);
- $instEndExpr->addProperty(MyInstruction::EXPR, $myExpr);
- $this->context->getCurrentMycode()->addCode($instEndExpr);
- }
- } elseif ($op instanceof Op\Expr\Exit_) {
- if (Common::isFuncCallWithoutReturn($op)) {
- // expr of type "assign" to have a defined return
- $myExpr = new MyExpr($this->context->getCurrentLine(), $this->context->getCurrentColumn());
- $this->context->getCurrentMycode()->addCode(new MyInstruction(Opcodes::START_EXPRESSION));
-
- FuncCall::instruction($this->context, $myExpr, false);
-
- $instEndExpr = new MyInstruction(Opcodes::END_EXPRESSION);
- $instEndExpr->addProperty(MyInstruction::EXPR, $myExpr);
- $this->context->getCurrentMycode()->addCode($instEndExpr);
- }
- } elseif ($op instanceof Op\Expr\StaticCall) {
- if (Common::isFuncCallWithoutReturn($op)) {
- // expr of type "assign" to have a defined return
- $myExpr = new MyExpr($this->context->getCurrentLine(), $this->context->getCurrentColumn());
- $this->context->getCurrentMycode()->addCode(new MyInstruction(Opcodes::START_EXPRESSION));
- FuncCall::instruction($this->context, $myExpr, false, false, true);
-
- $instEndExpr = new MyInstruction(Opcodes::END_EXPRESSION);
- $instEndExpr->addProperty(MyInstruction::EXPR, $myExpr);
- $this->context->getCurrentMycode()->addCode($instEndExpr);
- }
- } elseif ($op instanceof Op\Expr\FuncCall || $op instanceof Op\Expr\NsFuncCall) {
- if (Common::isFuncCallWithoutReturn($op)) {
- // expr of type "assign" to have a defined return
- $myExpr = new MyExpr($this->context->getCurrentLine(), $this->context->getCurrentColumn());
- $this->context->getCurrentMycode()->addCode(new MyInstruction(Opcodes::START_EXPRESSION));
-
- FuncCall::instruction($this->context, $myExpr, false);
-
- $instEndExpr = new MyInstruction(Opcodes::END_EXPRESSION);
- $instEndExpr->addProperty(MyInstruction::EXPR, $myExpr);
- $this->context->getCurrentMycode()->addCode($instEndExpr);
- }
- } elseif ($op instanceof Op\Expr\MethodCall) {
- if (Common::isFuncCallWithoutReturn($op)) {
- $className = Common::getNameDefinition($op->var);
-
- $myExpr = new MyExpr($this->context->getCurrentLine(), $this->context->getCurrentColumn());
+ $this->context->getCurrentFunc()->setHasGlobalVariables(true);
+ } elseif ($op instanceof Op\Terminal\Return_) {
+ // we put the ids of return as last block id
+ $this->context->getCurrentFunc()->addLastBlockId($this->context->getCurrentBlock()->getId());
- $this->context->getCurrentMycode()->addCode(new MyInstruction(Opcodes::START_EXPRESSION));
+ if (isset($op->expr)) {
+ if (isset($op->expr->original)) {
+ Expr::implicitfetch($this->context, $op->expr, "right");
+ }
- FuncCall::instruction($this->context, $myExpr, false, true);
+ Assign::instruction($this->context, $op, $op->expr, null, true, false);
- $instEndExpr = new MyInstruction(Opcodes::END_EXPRESSION);
- $instEndExpr->addProperty(MyInstruction::EXPR, $myExpr);
- $this->context->getCurrentMycode()->addCode($instEndExpr);
+ $inst = new MyInstruction(Opcodes::RETURN_FUNCTION);
+ $inst->addProperty(MyInstruction::RETURN_DEFS, $this->context->getCurrentFunc()->getReturnDefs());
+ $this->context->getCurrentMycode()->addCode($inst);
}
} elseif ($op instanceof Op\Expr\Assign || $op instanceof Op\Expr\AssignRef) {
- Assign::instruction($this->context);
+ if (isset($op->expr) && isset($op->var)) {
+ Assign::instruction($this->context, $op, $op->expr, $op->var);
+ }
} elseif ($op instanceof Op\Stmt\Class_) {
$className = Common::getNameDefinition($op);
@@ -427,35 +407,32 @@ public function enterOp(Op $op, Block $block)
$this->context->getClasses()->addMyclass($myClass);
foreach ($op->stmts->children as $property) {
- // if($property instanceof Op\Stmt\ClassMethod)
if ($property instanceof Op\Stmt\Property) {
$propertyName = Common::getNameDefinition($property);
- $visibility = Common::getTypeVisibility($property->visiblity);
+ $visibility = Common::getTypeVisibility($property->visibility);
- $myDef = new MyDefinition(
+ $myProperty = new MyProperty(
+ $this->context->getCurrentBlock()->getId(),
+ $this->context->getCurrentMyFile(),
$property->getLine(),
$property->getAttribute("startFilePos", -1),
- "this"
+ $propertyName
);
- $myDef->property->setVisibility($visibility);
- $myDef->property->addProperty($propertyName);
- $myDef->setClassName($className);
-
- // it's necessary for SecurityAnalysis (visibility)
-
- if ($property->static === 8) {
- $myDef->addType(MyDefinition::TYPE_STATIC_PROPERTY);
- } else {
- $myDef->addType(MyDefinition::TYPE_PROPERTY);
+ $myProperty->setVisibility($visibility);
+ $myClass->addProperty($myProperty);
+
+ if ($property->static) {
+ $myProperty->addType(MyDefinition::TYPE_STATIC_PROPERTY);
+ $myProperty->getCurrentState()->addType(MyDefinition::TYPE_STATIC_PROPERTY);
}
-
- $myClass->addProperty($myDef);
}
}
$instClass = new MyInstruction(Opcodes::CLASSE);
$instClass->addProperty(MyInstruction::MYCLASS, $myClass);
$this->context->getCurrentMycode()->addCode($instClass);
+ } else {
+ Expr::explicitfetch($this->context, $op, null);
}
}
}
diff --git a/package/src/progpilot/Utils.php b/package/src/progpilot/Utils.php
index 404ccc98..c4311b57 100644
--- a/package/src/progpilot/Utils.php
+++ b/package/src/progpilot/Utils.php
@@ -36,8 +36,14 @@ public static function encodeCharacters($string)
public static function printWarning($context, $message)
{
- if ($context->getPrintWarning()) {
- fwrite(STDERR, "progpilot warning : $message\n");
+ if ($context->isDebugMode()) {
+ fwrite(STDERR, "progpilot warning: $message\n");
+ fwrite(STDERR, "file: '".$context->getCurrentMyFile()->getName()."'\n");
+
+ // sometimes it's called outside of function context
+ if (!is_null($context->getCurrentFunc())) {
+ fwrite(STDERR, "function: '".$context->getCurrentFunc()->getName()."'\n");
+ }
}
}
@@ -48,15 +54,7 @@ public static function printError($message)
public static function printStaticProperties($language, $props)
{
- $propertyName = "";
-
- if (is_array($props)) {
- foreach ($props as $prop) {
- $propertyName .= "::"."\$".Utils::encodeCharacters($prop);
- }
- }
-
- return $propertyName;
+ return "::"."\$".Utils::encodeCharacters($props);
}
public static function printProperties($language, $props)
@@ -65,41 +63,69 @@ public static function printProperties($language, $props)
if ($language === "js") {
$separator = ".";
}
-
- $propertyName = "";
- if (is_array($props)) {
- foreach ($props as $prop) {
- $propertyName .= "$separator".Utils::encodeCharacters($prop);
- }
- }
-
- return $propertyName;
+ return $separator.Utils::encodeCharacters($props);
}
- public static function printDefinition($language, $def)
+ public static function printDefinition($language, $def, $original = null)
{
+
$prefix = "\$";
- if ($language === "js") {
- $prefix = "";
+ if ($def->isType(MyDefinition::TYPE_STATIC_PROPERTY)
+ || $language === "js") {
+ // oop/simple31.php
+ if (!is_null($original)
+ && !empty($original)
+ && $original[0]->isType(MyDefinition::TYPE_STATIC_PROPERTY)) {
+ $prefix = "";
+ }
}
-
- if ($def->isType(MyDefinition::TYPE_PROPERTY)) {
- $defName = "$prefix".Utils::encodeCharacters($def->getName()).
- Utils::printProperties($language, $def->property->getProperties());
- } elseif ($def->isType(MyDefinition::TYPE_STATIC_PROPERTY)) {
- $defName = Utils::encodeCharacters($def->getName()).
- Utils::printStaticProperties($language, $def->property->getProperties());
+
+ $printableDef = "";
+ if (!is_null($original) && !empty($original)) {
+ for ($i = 0; $i < count($original); $i ++) {
+ if ($original[$i] instanceof MyDefinition) {
+ $printableDef .= "$prefix".Utils::encodeCharacters($original[$i]->getName());
+ } elseif (is_numeric($original[$i])
+ || $original[$i] === ']'
+ || $original[$i] === '['
+ || $original[$i] === '->'
+ || $original[$i] === '::') {
+ // numeric element
+ $printableDef .= $original[$i];
+
+ $wasArray = false;
+ if ($original[$i] === '[') {
+ $wasArray = true;
+ }
+
+ $wasStatic = false;
+ if ($original[$i] === '::') {
+ $wasStatic = true;
+ }
+ } else {
+ // string element (array, property name)
+ if ($wasArray) {
+ $printableDef .= "\"";
+ }
+
+ if ($wasStatic) {
+ $printableDef .= "\$";
+ }
+
+ $printableDef .= Utils::encodeCharacters($original[$i]);
+
+ if ($wasArray) {
+ $printableDef .= "\"";
+ }
+ }
+ }
} else {
- $defName = "$prefix".Utils::encodeCharacters($def->getName());
+ $printableDef = "$prefix".Utils::encodeCharacters($def->getName());
}
- $nameArray = "";
- if ($def->isType(MyDefinition::TYPE_ARRAY)) {
- Utils::printArray($def->getArrayValue(), $nameArray);
- }
- return $defName.$nameArray;
+ return $printableDef;
}
public static function printFunction($function)
diff --git a/package/src/uptodate_data/php/dev/rules.json b/package/src/uptodate_data/php/dev/rules.json
index 9221ae82..4ddb0ef4 100644
--- a/package/src/uptodate_data/php/dev/rules.json
+++ b/package/src/uptodate_data/php/dev/rules.json
@@ -1,16 +1,5 @@
{
"custom_rules": [
- {"sequence":
- [
- {"function_name": "dev_iam_authenticated", "language": "php"},
- {"function_name": "dev_iam_rights", "language": "php"},
- {"function_name": "dev_retrieve_secret", "language": "php"}
- ],
- "description": "the user must be authentified and have rights before retrieving secrets",
- "action": "MUST_VERIFY_CALL_FLOW",
- "attack": "bypass access control",
- "cwe": "CWE_285"
- },
{"sequence":
[
{"function_name": "secret", "language": "php"},
@@ -38,6 +27,30 @@
"language": "php", "action": "MUST_VERIFY_DEFINITION",
"attack": "security misconfiguration",
"cwe": "CWE_1004"
+ },
+ {
+ "name": "db",
+ "instanceof": "SomeClass",
+ "description": "Access to SomeClass->db as new sinks",
+ "language": "php",
+ "action": "DEFINE_OBJECT",
+ "extra": "SomeClassDb"
+ },
+ {
+ "name": "middle_object_unknown",
+ "instanceof": "known_class1",
+ "description": "new sinks",
+ "language": "php",
+ "action": "DEFINE_OBJECT",
+ "extra": "SomeClassUnknown"
+ },
+ {
+ "name": "middle_object",
+ "instanceof": "known_class1_undefined",
+ "description": "new sinks",
+ "language": "php",
+ "action": "DEFINE_OBJECT",
+ "extra": "SomeClassUnknown"
}
]
}
diff --git a/package/src/uptodate_data/php/dev/sinks.json b/package/src/uptodate_data/php/dev/sinks.json
index 8e1bec18..121fea7a 100644
--- a/package/src/uptodate_data/php/dev/sinks.json
+++ b/package/src/uptodate_data/php/dev/sinks.json
@@ -1,10 +1,10 @@
{
"sinks": [
{"name": "mysink", "instanceof": "known_middle_class2", "language": "php", "attack": "xss", "cwe": "CWE_79"},
- {"name": "mysink", "instanceof": "known_class1->middle_object", "language": "php", "attack": "xss", "cwe": "CWE_79"},
+ {"name": "mysink", "instanceof": "SomeClassUnknown", "language": "php", "attack": "xss", "cwe": "CWE_79"},
{"name": "mysink", "instanceof": "known_class1_undefined", "language": "php", "attack": "xss", "cwe": "CWE_79"},
- {"name": "mysink", "instanceof": "known_class1_undefined->middle_object", "language": "php", "attack": "xss", "cwe": "CWE_79"},
- {"name": "query", "instanceof": "SomeClass->db", "language": "php", "attack": "sql_injection", "cwe": "CWE_89"},
+ {"name": "mysink", "instanceof": "unknown_middle_class2", "language": "php", "attack": "xss", "cwe": "CWE_79"},
+ {"name": "query", "instanceof": "SomeClassDb", "language": "php", "attack": "sql_injection", "cwe": "CWE_89"},
{"name": "query", "instanceof": "SomeClass1", "language": "php", "attack": "sql_injection", "cwe": "CWE_89"},
{"name": "query", "instanceof": "VulnerableClass", "language": "php", "attack": "sql_injection", "cwe": "CWE_89"}
]
diff --git a/package/src/uptodate_data/php/dev/sources.json b/package/src/uptodate_data/php/dev/sources.json
index 38825516..31fe6e36 100644
--- a/package/src/uptodate_data/php/dev/sources.json
+++ b/package/src/uptodate_data/php/dev/sources.json
@@ -5,6 +5,6 @@
{"name": "methodc1arr", "is_function": true, "instanceof": "testc1", "return_array_index": "tainted", "language": "php", "type": "for dev purposes"},
{"name": "func1arr", "is_function": true, "return_array_index": "tainted", "language": "php", "type": "for dev purposes"},
{"name": "member1", "instanceof": "testc1", "language": "php", "type": "for dev purposes"},
- {"name": "vardev", "is_array": true, "array_index": "tainted", "language": "php", "type": "for dev purposes"}
+ {"name": "vardev", "is_array": true, "array_index": ["tainted"], "language": "php", "type": "for dev purposes"}
]
}
diff --git a/package/src/uptodate_data/php/dev/validators.json b/package/src/uptodate_data/php/dev/validators.json
index 0695c601..8356535e 100644
--- a/package/src/uptodate_data/php/dev/validators.json
+++ b/package/src/uptodate_data/php/dev/validators.json
@@ -1,4 +1,16 @@
{
- "validators": [
- ]
-}
+ "validators": [
+ {"name": "in_array_false", "language": "php", "valid_when_returning": false, "parameters":
+ [
+ {"id": 1, "conditions": "valid"},
+ {"id": 2, "conditions": "array_not_tainted"}
+ ]
+ },
+ {"name": "in_array_true", "language": "php", "valid_when_returning": true, "parameters":
+ [
+ {"id": 1, "conditions": "valid"},
+ {"id": 2, "conditions": "array_not_tainted"}
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/package/src/uptodate_data/php/frameworks/codeigniter/rules.json b/package/src/uptodate_data/php/frameworks/codeigniter/rules.json
index 911bd671..812ae324 100644
--- a/package/src/uptodate_data/php/frameworks/codeigniter/rules.json
+++ b/package/src/uptodate_data/php/frameworks/codeigniter/rules.json
@@ -1,9 +1,41 @@
{
"custom_rules": [
+ {
+ "name": "input",
+ "instanceof": "CI_Controller",
+ "description": "load security helper in the controller",
+ "language": "php",
+ "action": "DEFINE_OBJECT",
+ "extra": "InputCodeIgniter"
+ },
+ {
+ "name": "security",
+ "instanceof": "CI_Controller",
+ "description": "load security helper in the controller",
+ "language": "php",
+ "action": "DEFINE_OBJECT",
+ "extra": "SecurityHelperCodeIgniter"
+ },
+ {
+ "name": "load",
+ "instanceof": "CI_Controller",
+ "description": "load templates in the controller",
+ "language": "php",
+ "action": "DEFINE_OBJECT",
+ "extra": "ViewCodeIgniter"
+ },
+ {
+ "name": "db",
+ "instanceof": "CI_Model",
+ "description": "db interface to perform queries",
+ "language": "php",
+ "action": "DEFINE_OBJECT",
+ "extra": "DBCodeIgniter"
+ },
{
"name": "query",
"is_function": true,
- "instanceof": "CI_Model->db",
+ "instanceof": "DBCodeIgniter",
"description": "Result of db queries as new sources",
"language": "php",
"action": "DEFINE_OBJECT",
@@ -12,7 +44,7 @@
{
"name": "get",
"is_function": true,
- "instanceof": "CI_Model->db",
+ "instanceof": "DBCodeIgniter",
"description": "Result of db queries as new sources",
"language": "php",
"action": "DEFINE_OBJECT",
diff --git a/package/src/uptodate_data/php/frameworks/codeigniter/sanitizers.json b/package/src/uptodate_data/php/frameworks/codeigniter/sanitizers.json
index 48989781..74ed86f4 100644
--- a/package/src/uptodate_data/php/frameworks/codeigniter/sanitizers.json
+++ b/package/src/uptodate_data/php/frameworks/codeigniter/sanitizers.json
@@ -3,9 +3,9 @@
{"name": "is_php", "language": "php", "prevent": ["ALL"]},
{"name": "is_really_writable", "language": "php", "prevent": ["ALL"]},
{"name": "html_escape", "language": "php", "prevent": ["xss", "QUOTES"]},
- {"name": "xss_clean", "instanceof": "CI_Controller->security", "language": "php", "prevent": ["xss", "QUOTES"]},
- {"name": "escape", "instanceof": "CI_Model->db", "language": "php", "prevent": ["sql_injection", "command_injection", "QUOTES"]},
- {"name": "escape_str", "instanceof": "CI_Model->db", "language": "php", "prevent": ["sql_injection", "command_injection", "QUOTES"]},
- {"name": "escape_like_str", "instanceof": "CI_Model->db", "language": "php", "prevent": ["sql_injection", "command_injection", "QUOTES"]}
+ {"name": "xss_clean", "instanceof": "SecurityHelperCodeIgniter", "language": "php", "prevent": ["xss", "QUOTES"]},
+ {"name": "escape", "instanceof": "DBCodeIgniter", "language": "php", "prevent": ["sql_injection", "command_injection", "QUOTES"]},
+ {"name": "escape_str", "instanceof": "DBCodeIgniter", "language": "php", "prevent": ["sql_injection", "command_injection", "QUOTES"]},
+ {"name": "escape_like_str", "instanceof": "DBCodeIgniter", "language": "php", "prevent": ["sql_injection", "command_injection", "QUOTES"]}
]
}
diff --git a/package/src/uptodate_data/php/frameworks/codeigniter/sinks.json b/package/src/uptodate_data/php/frameworks/codeigniter/sinks.json
index 7c8ed8cd..b9584b8a 100644
--- a/package/src/uptodate_data/php/frameworks/codeigniter/sinks.json
+++ b/package/src/uptodate_data/php/frameworks/codeigniter/sinks.json
@@ -1,10 +1,10 @@
{
"sinks": [
- {"name": "view", "parameters": [{"id": 2, "conditions": ["QUOTES_HTML", "array_tainted"]}], "instanceof": "CI_Controller->load", "language": "php", "attack": "xss", "cwe": "CWE_79"},
- {"name": "query", "parameters": [{"id": 1, "conditions": "QUOTES"}], "instanceof": "CI_Model->db", "language": "php", "attack": "sql_injection", "cwe": "CWE_89"},
- {"name": "simple_query", "parameters": [{"id": 1, "conditions": "QUOTES"}], "instanceof": "CI_Model->db", "language": "php", "attack": "sql_injection", "cwe": "CWE_89"},
- {"name": "select", "parameters": [{"id": 1, "conditions": "QUOTES"}], "instanceof": "CI_Model->db", "language": "php", "attack": "sql_injection", "cwe": "CWE_89"},
- {"name": "from", "parameters": [{"id": 1, "conditions": "QUOTES"}], "instanceof": "CI_Model->db", "language": "php", "attack": "sql_injection", "cwe": "CWE_89"},
- {"name": "where", "parameters": [{"id": 1, "conditions": "QUOTES"}], "instanceof": "CI_Model->db", "language": "php", "attack": "sql_injection", "cwe": "CWE_89"}
+ {"name": "view", "parameters": [{"id": 2, "conditions": ["QUOTES_HTML", "array_tainted"]}], "instanceof": "ViewCodeIgniter", "language": "php", "attack": "xss", "cwe": "CWE_79"},
+ {"name": "query", "parameters": [{"id": 1, "conditions": "QUOTES"}], "instanceof": "DBCodeIgniter", "language": "php", "attack": "sql_injection", "cwe": "CWE_89"},
+ {"name": "simple_query", "parameters": [{"id": 1, "conditions": "QUOTES"}], "instanceof": "DBCodeIgniter", "language": "php", "attack": "sql_injection", "cwe": "CWE_89"},
+ {"name": "select", "parameters": [{"id": 1, "conditions": "QUOTES"}], "instanceof": "DBCodeIgniter", "language": "php", "attack": "sql_injection", "cwe": "CWE_89"},
+ {"name": "from", "parameters": [{"id": 1, "conditions": "QUOTES"}], "instanceof": "DBCodeIgniter", "language": "php", "attack": "sql_injection", "cwe": "CWE_89"},
+ {"name": "where", "parameters": [{"id": 1, "conditions": "QUOTES"}], "instanceof": "DBCodeIgniter", "language": "php", "attack": "sql_injection", "cwe": "CWE_89"}
]
}
diff --git a/package/src/uptodate_data/php/frameworks/codeigniter/sources.json b/package/src/uptodate_data/php/frameworks/codeigniter/sources.json
index f9e81cff..9c302637 100644
--- a/package/src/uptodate_data/php/frameworks/codeigniter/sources.json
+++ b/package/src/uptodate_data/php/frameworks/codeigniter/sources.json
@@ -1,11 +1,11 @@
{
"sources": [
- {"name": "get", "is_function": true, "instanceof": "CI_Controller->input", "language": "php"},
- {"name": "post", "is_function": true, "instanceof": "CI_Controller->input", "language": "php"},
- {"name": "cookie", "is_function": true, "instanceof": "CI_Controller->input", "language": "php"},
- {"name": "server", "is_function": true, "instanceof": "CI_Controller->input", "language": "php"},
- {"name": "result", "is_object": true, "is_function": true, "instanceof": "DBQueryCodeIgniter", "language": "php"},
- {"name": "result_array", "is_array": true, "is_function": true, "instanceof": "DBQueryCodeIgniter", "language": "php"},
+ {"name": "get", "is_function": true, "instanceof": "InputCodeIgniter", "language": "php"},
+ {"name": "post", "is_function": true, "instanceof": "InputCodeIgniter", "language": "php"},
+ {"name": "cookie", "is_function": true, "instanceof": "InputCodeIgniter", "language": "php"},
+ {"name": "server", "is_function": true, "instanceof": "InputCodeIgniter", "language": "php"},
+ {"name": "result", "is_arrayof_objects": true, "is_function": true, "instanceof": "DBQueryCodeIgniter", "language": "php"},
+ {"name": "result_array", "is_arrayof_arrays": true, "is_function": true, "instanceof": "DBQueryCodeIgniter", "language": "php"},
{"name": "row", "is_object": true, "is_function": true, "instanceof": "DBQueryCodeIgniter", "language": "php"},
{"name": "row_array", "is_array": true, "is_function": true, "instanceof": "DBQueryCodeIgniter", "language": "php"},
{"name": "last_query", "is_function": true, "instanceof": "DBQueryCodeIgniter", "language": "php"}
diff --git a/package/src/uptodate_data/php/frameworks/codeigniter/validators.json b/package/src/uptodate_data/php/frameworks/codeigniter/validators.json
index 3bcaddfd..d5bccf71 100644
--- a/package/src/uptodate_data/php/frameworks/codeigniter/validators.json
+++ b/package/src/uptodate_data/php/frameworks/codeigniter/validators.json
@@ -1,6 +1,6 @@
{
"validators": [
- {"name": "xss_clean", "instanceof": "CI_Controller->security", "language": "php", "parameters":
+ {"name": "xss_clean", "instanceof": "SecurityHelperCodeIgniter", "language": "php", "parameters":
[
{"id": 1, "conditions": "valid"},
{"id": 2, "conditions": "equals", "values":
diff --git a/package/src/uptodate_data/php/frameworks/suitecrm/rules.json b/package/src/uptodate_data/php/frameworks/laravel/rules.json
similarity index 64%
rename from package/src/uptodate_data/php/frameworks/suitecrm/rules.json
rename to package/src/uptodate_data/php/frameworks/laravel/rules.json
index 2971e14a..4c845de6 100644
--- a/package/src/uptodate_data/php/frameworks/suitecrm/rules.json
+++ b/package/src/uptodate_data/php/frameworks/laravel/rules.json
@@ -1,4 +1,5 @@
{
"custom_rules": [
- ]
-}
+ ]
+}
+
diff --git a/package/src/uptodate_data/php/frameworks/laravel/sanitizers.json b/package/src/uptodate_data/php/frameworks/laravel/sanitizers.json
new file mode 100644
index 00000000..0ff6171b
--- /dev/null
+++ b/package/src/uptodate_data/php/frameworks/laravel/sanitizers.json
@@ -0,0 +1,4 @@
+{
+ "sanitizers": [
+ ]
+}
diff --git a/package/src/uptodate_data/php/frameworks/laravel/sinks.json b/package/src/uptodate_data/php/frameworks/laravel/sinks.json
new file mode 100644
index 00000000..3f54f9ba
--- /dev/null
+++ b/package/src/uptodate_data/php/frameworks/laravel/sinks.json
@@ -0,0 +1,5 @@
+{
+ "sinks": [
+ {"name": "redirect", "parameters": [{"id": 1}], "instanceof": "App\\Http\\Controllers\\OpenRedirect", "language": "php", "attack": "open_redirect", "cwe": "CWE_601"}
+ ]
+}
diff --git a/package/src/uptodate_data/php/frameworks/laravel/sources.json b/package/src/uptodate_data/php/frameworks/laravel/sources.json
new file mode 100644
index 00000000..c6f6fb79
--- /dev/null
+++ b/package/src/uptodate_data/php/frameworks/laravel/sources.json
@@ -0,0 +1,5 @@
+{
+ "sources": [
+ {"name": "get", "is_function": true, "instanceof": "Illuminate\\Http\\Request->input", "language": "php"}
+ ]
+}
diff --git a/package/src/uptodate_data/php/frameworks/suitecrm/validators.json b/package/src/uptodate_data/php/frameworks/laravel/validators.json
similarity index 62%
rename from package/src/uptodate_data/php/frameworks/suitecrm/validators.json
rename to package/src/uptodate_data/php/frameworks/laravel/validators.json
index f479de18..0695c601 100644
--- a/package/src/uptodate_data/php/frameworks/suitecrm/validators.json
+++ b/package/src/uptodate_data/php/frameworks/laravel/validators.json
@@ -1,4 +1,4 @@
{
"validators": [
- ]
-}
+ ]
+}
diff --git a/package/src/uptodate_data/php/frameworks/prestashop/rules.json b/package/src/uptodate_data/php/frameworks/prestashop/rules.json
deleted file mode 100644
index 8b137891..00000000
--- a/package/src/uptodate_data/php/frameworks/prestashop/rules.json
+++ /dev/null
@@ -1 +0,0 @@
-
diff --git a/package/src/uptodate_data/php/frameworks/prestashop/sanitizers.json b/package/src/uptodate_data/php/frameworks/prestashop/sanitizers.json
deleted file mode 100644
index 0d645816..00000000
--- a/package/src/uptodate_data/php/frameworks/prestashop/sanitizers.json
+++ /dev/null
@@ -1,15 +0,0 @@
-{
- "sanitizers": [
- {"name": "safeOutput", "instanceof": "ToolsCore", "language": "php", "prevent": ["xss"]},
- {"name": "htmlentitiesUTF8", "instanceof": "ToolsCore", "language": "php", "prevent": ["xss"]},
- {"name": "encrypt", "instanceof": "ToolsCore", "language": "php", "prevent": ["ALL"]},
- {"name": "hash", "instanceof": "ToolsCore", "language": "php", "prevent": ["ALL"]},
- {"name": "encryptIV", "instanceof": "ToolsCore", "language": "php", "prevent": ["ALL"]},
- {"name": "hashIV", "instanceof": "ToolsCore", "language": "php", "prevent": ["ALL"]},
- {"name": "floorf", "instanceof": "ToolsCore", "language": "php", "prevent": ["ALL"]},
- {"name": "ps_round", "instanceof": "ToolsCore", "language": "php", "prevent": ["ALL"]},
- {"name": "math_round", "instanceof": "ToolsCore", "language": "php", "prevent": ["ALL"]},
- {"name": "round_helper", "instanceof": "ToolsCore", "language": "php", "prevent": ["ALL"]},
- {"name": "ceilf", "instanceof": "ToolsCore", "language": "php", "prevent": ["ALL"]}
- ]
-}
diff --git a/package/src/uptodate_data/php/frameworks/prestashop/sinks.json b/package/src/uptodate_data/php/frameworks/prestashop/sinks.json
deleted file mode 100644
index 46c0fc16..00000000
--- a/package/src/uptodate_data/php/frameworks/prestashop/sinks.json
+++ /dev/null
@@ -1,4 +0,0 @@
-{
- "sinks": [
- ]
-}
diff --git a/package/src/uptodate_data/php/frameworks/prestashop/sources.json b/package/src/uptodate_data/php/frameworks/prestashop/sources.json
deleted file mode 100644
index 60a387a0..00000000
--- a/package/src/uptodate_data/php/frameworks/prestashop/sources.json
+++ /dev/null
@@ -1,4 +0,0 @@
-{
- "sources": [
- ]
-}
diff --git a/package/src/uptodate_data/php/frameworks/prestashop/validators.json b/package/src/uptodate_data/php/frameworks/prestashop/validators.json
deleted file mode 100644
index 59925b69..00000000
--- a/package/src/uptodate_data/php/frameworks/prestashop/validators.json
+++ /dev/null
@@ -1,43 +0,0 @@
-{
- "validators": [
- {"name": "isIp2Long", "instanceof": "ValidateCore", "language": "php", "parameters": [{"id": 1, "conditions": "valid"}]},
- {"name": "isMd5", "instanceof": "ValidateCore", "language": "php", "parameters": [{"id": 1, "conditions": "valid"}]},
- {"name": "isSha1", "instanceof": "ValidateCore", "language": "php", "parameters": [{"id": 1, "conditions": "valid"}]},
- {"name": "isFloat", "instanceof": "ValidateCore", "language": "php", "parameters": [{"id": 1, "conditions": "valid"}]},
- {"name": "isUnsignedFloat", "instanceof": "ValidateCore", "language": "php", "parameters": [{"id": 1, "conditions": "valid"}]},
- {"name": "isOptFloat", "instanceof": "ValidateCore", "language": "php", "parameters": [{"id": 1, "conditions": "valid"}]},
- {"name": "isImageSize", "instanceof": "ValidateCore", "language": "php", "parameters": [{"id": 1, "conditions": "valid"}]},
- {"name": "isPrice", "instanceof": "ValidateCore", "language": "php", "parameters": [{"id": 1, "conditions": "valid"}]},
- {"name": "isNegativePrice", "instanceof": "ValidateCore", "language": "php", "parameters": [{"id": 1, "conditions": "valid"}]},
- {"name": "isNumericIsoCode", "instanceof": "ValidateCore", "language": "php", "parameters": [{"id": 1, "conditions": "valid"}]},
- {"name": "isDateFormat", "instanceof": "ValidateCore", "language": "php", "parameters": [{"id": 1, "conditions": "valid"}]},
- {"name": "isDate", "instanceof": "ValidateCore", "language": "php", "parameters": [{"id": 1, "conditions": "valid"}]},
- {"name": "isDateOrNull", "instanceof": "ValidateCore", "language": "php", "parameters": [{"id": 1, "conditions": "valid"}]},
- {"name": "isBirthDate", "instanceof": "ValidateCore", "language": "php", "parameters": [{"id": 1, "conditions": "valid"}]},
- {"name": "isBool", "instanceof": "ValidateCore", "language": "php", "parameters": [{"id": 1, "conditions": "valid"}]},
- {"name": "isPhoneNumber", "instanceof": "ValidateCore", "language": "php", "parameters": [{"id": 1, "conditions": "valid"}]},
- {"name": "isEan13", "instanceof": "ValidateCore", "language": "php", "parameters": [{"id": 1, "conditions": "valid"}]},
- {"name": "isIsbn", "instanceof": "ValidateCore", "language": "php", "parameters": [{"id": 1, "conditions": "valid"}]},
- {"name": "isUpc", "instanceof": "ValidateCore", "language": "php", "parameters": [{"id": 1, "conditions": "valid"}]},
- {"name": "isZipCodeFormat", "instanceof": "ValidateCore", "language": "php", "parameters": [{"id": 1, "conditions": "valid"}]},
- {"name": "isOrderWay", "instanceof": "ValidateCore", "language": "php", "parameters": [{"id": 1, "conditions": "valid"}]},
- {"name": "isProductVisibility", "instanceof": "ValidateCore", "language": "php", "parameters": [{"id": 1, "conditions": "valid"}]},
- {"name": "isInt", "instanceof": "ValidateCore", "language": "php", "parameters": [{"id": 1, "conditions": "valid"}]},
- {"name": "isUnsignedInt", "instanceof": "ValidateCore", "language": "php", "parameters": [{"id": 1, "conditions": "valid"}]},
- {"name": "isPercentage", "instanceof": "ValidateCore", "language": "php", "parameters": [{"id": 1, "conditions": "valid"}]},
- {"name": "isUnsignedId", "instanceof": "ValidateCore", "language": "php", "parameters": [{"id": 1, "conditions": "valid"}]},
- {"name": "isNullOrUnsignedId", "instanceof": "ValidateCore", "language": "php", "parameters": [{"id": 1, "conditions": "valid"}]},
- {"name": "isLoadedObject", "instanceof": "ValidateCore", "language": "php", "parameters": [{"id": 1, "conditions": "valid"}]},
- {"name": "isTrackingNumber", "instanceof": "ValidateCore", "language": "php", "parameters": [{"id": 1, "conditions": "valid"}]},
- {"name": "isMySQLEngine", "instanceof": "ValidateCore", "language": "php", "parameters": [{"id": 1, "conditions": "valid"}]},
- {"name": "isSortDirection", "instanceof": "ValidateCore", "language": "php", "parameters": [{"id": 1, "conditions": "valid"}]},
- {"name": "isPriceDisplayMethod", "instanceof": "ValidateCore", "language": "php", "parameters": [{"id": 1, "conditions": "valid"}]},
- {"name": "isCookie", "instanceof": "ValidateCore", "language": "php", "parameters": [{"id": 1, "conditions": "valid"}]},
- {"name": "isReductionType", "instanceof": "ValidateCore", "language": "php", "parameters": [{"id": 1, "conditions": "valid"}]},
- {"name": "isBoolId", "instanceof": "ValidateCore", "language": "php", "parameters": [{"id": 1, "conditions": "valid"}]},
- {"name": "isLocalizationPackSelection", "instanceof": "ValidateCore", "language": "php", "parameters": [{"id": 1, "conditions": "valid"}]},
- {"name": "isCoordinate", "instanceof": "ValidateCore", "language": "php", "parameters": [{"id": 1, "conditions": "valid"}]},
- {"name": "isStockManagement", "instanceof": "ValidateCore", "language": "php", "parameters": [{"id": 1, "conditions": "valid"}]},
- {"name": "isPrestaShopVersion", "instanceof": "ValidateCore", "language": "php", "parameters": [{"id": 1, "conditions": "valid"}]}
- ]
-}
diff --git a/package/src/uptodate_data/php/frameworks/suitecrm/sanitizers.json b/package/src/uptodate_data/php/frameworks/suitecrm/sanitizers.json
deleted file mode 100644
index 2f35707a..00000000
--- a/package/src/uptodate_data/php/frameworks/suitecrm/sanitizers.json
+++ /dev/null
@@ -1,6 +0,0 @@
-{
- "sanitizers": [
- {"name": "quote", "instanceof": "DBManager", "language": "php", "prevent": ["sql_injection", "command_injection", "QUOTES"]},
- {"name": "quoted", "instanceof": "DBManager", "language": "php", "prevent": ["sql_injection", "command_injection", "QUOTES"]}
- ]
-}
diff --git a/package/src/uptodate_data/php/frameworks/suitecrm/sinks.json b/package/src/uptodate_data/php/frameworks/suitecrm/sinks.json
deleted file mode 100644
index 0454fc15..00000000
--- a/package/src/uptodate_data/php/frameworks/suitecrm/sinks.json
+++ /dev/null
@@ -1,78 +0,0 @@
-{
- "sinks": [
- {"name": "query", "instanceof": "DBManager", "parameters": [{"id": 1, "conditions": "QUOTES"}], "language": "php", "attack": "sql_injection", "cwe": "CWE_89"},
- {"name": "update", "instanceof": "DBManager", "parameters": [{"id": 2, "conditions": "QUOTES"}], "language": "php", "attack": "sql_injection", "cwe": "CWE_89"},
- {"name": "delete", "instanceof": "DBManager", "parameters": [{"id": 2, "conditions": "QUOTES"}], "language": "php", "attack": "sql_injection", "cwe": "CWE_89"},
- {"name": "retrieve", "instanceof": "DBManager", "parameters": [{"id": 2, "conditions": "QUOTES"}], "language": "php", "attack": "sql_injection", "cwe": "CWE_89"},
- {"name": "retrieveView", "instanceof": "DBManager", "parameters": [{"id": 3, "conditions": "QUOTES"}], "language": "php", "attack": "sql_injection", "cwe": "CWE_89"},
- {"name": "generateInsertSQL", "instanceof": "DBManager", "parameters": [{"id": 2, "conditions": "QUOTES"}], "language": "php", "attack": "sql_injection", "cwe": "CWE_89"},
- {"name": "getOne", "instanceof": "DBManager", "parameters": [{"id": 1, "conditions": "QUOTES"}], "language": "php", "attack": "sql_injection", "cwe": "CWE_89"},
- {"name": "fetchOne", "instanceof": "DBManager", "parameters": [{"id": 1, "conditions": "QUOTES"}], "language": "php", "attack": "sql_injection", "cwe": "CWE_89"},
- {"name": "pQuery", "instanceof": "DBManager", "parameters": [{"id": 1, "conditions": "QUOTES"}], "language": "php", "attack": "sql_injection", "cwe": "CWE_89"},
- {"name": "queryArray", "instanceof": "DBManager", "parameters": [{"id": 1, "conditions": "QUOTES"}], "language": "php", "attack": "sql_injection", "cwe": "CWE_89"},
- {"name": "limitQuery", "instanceof": "DBManager", "parameters": [{"id": 1, "conditions": "QUOTES"},{"id": 2, "conditions": "QUOTES"},{"id": 3, "conditions": "QUOTES"}], "language": "php", "attack": "sql_injection", "cwe": "CWE_89"},
- {"name": "validateQuery", "instanceof": "DBManager", "parameters": [{"id": 1, "conditions": "QUOTES"}], "language": "php", "attack": "sql_injection", "cwe": "CWE_89"},
- {"name": "delete", "instanceof": "Link", "parameters": [{"id": 1, "conditions": "QUOTES"}], "language": "php", "attack": "sql_injection", "cwe": "CWE_89"},
- {"name": "relationship_exists", "instanceof": "Link", "parameters": [{"id": 1, "conditions": "QUOTES"},{"id": 2, "conditions": "QUOTES"}], "language": "php", "attack": "sql_injection", "cwe": "CWE_89"},
- {"name": "getQuery", "instanceof": "Link2", "parameters": [{"id": 1, "conditions": "QUOTES"}], "language": "php", "attack": "sql_injection", "cwe": "CWE_89"},
- {"name": "query", "instanceof": "Link2", "parameters": [{"id": 1, "conditions": "QUOTES"}], "language": "php", "attack": "sql_injection", "cwe": "CWE_89"},
- {"name": "getBeans", "instanceof": "Link2", "parameters": [{"id": 1, "conditions": "QUOTES"}], "language": "php", "attack": "sql_injection", "cwe": "CWE_89"},
- {"name": "getQuery", "instanceof": "SugarRelationship", "parameters": [{"id": 2, "conditions": "QUOTES"}], "language": "php", "attack": "sql_injection", "cwe": "CWE_89"},
- {"name": "load", "instanceof": "SugarRelationship", "parameters": [{"id": 2, "conditions": "QUOTES"}], "language": "php", "attack": "sql_injection", "cwe": "CWE_89"},
- {"name": "get_linked_beans", "instanceof": "SugarBean", "parameters": [{"id": 3, "conditions": "QUOTES"},{"id": 7, "conditions": "QUOTES"}], "language": "php", "attack": "sql_injection", "cwe": "CWE_89"},
- {"name": "process_union_list_query", "instanceof": "SugarBean", "parameters": [{"id": 2, "conditions": "QUOTES"},{"id": 8, "conditions": "QUOTES"},{"id": 9, "conditions": "QUOTES"}], "language": "php", "attack": "sql_injection", "cwe": "CWE_89"},
- {"name": "_get_num_rows_in_query", "instanceof": "SugarBean", "parameters": [{"id": 1, "conditions": "QUOTES"}], "language": "php", "attack": "sql_injection", "cwe": "CWE_89"},
- {"name": "process_list_query", "instanceof": "SugarBean", "parameters": [{"id": 1, "conditions": "QUOTES"}], "language": "php", "attack": "sql_injection", "cwe": "CWE_89"},
- {"name": "process_detail_query", "instanceof": "SugarBean", "parameters": [{"id": 1, "conditions": "QUOTES"}], "language": "php", "attack": "sql_injection", "cwe": "CWE_89"},
- {"name": "getRelatedFields", "instanceof": "SugarBean", "parameters": [{"id": 2, "conditions": "QUOTES"}], "language": "php", "attack": "sql_injection", "cwe": "CWE_89"},
- {"name": "process_full_list_query", "instanceof": "SugarBean", "parameters": [{"id": 1, "conditions": "QUOTES"}], "language": "php", "attack": "sql_injection", "cwe": "CWE_89"},
- {"name": "create_index", "instanceof": "SugarBean", "parameters": [{"id": 1, "conditions": "QUOTES"}], "language": "php", "attack": "sql_injection", "cwe": "CWE_89"},
- {"name": "build_related_list", "instanceof": "SugarBean", "parameters": [{"id": 1, "conditions": "QUOTES"}], "language": "php", "attack": "sql_injection", "cwe": "CWE_89"},
- {"name": "build_related_list_where", "instanceof": "SugarBean", "parameters": [{"id": 1, "conditions": "QUOTES"},{"id": 3, "conditions": "QUOTES"},{"id": 4, "conditions": "QUOTES"},{"id": 5, "conditions": "QUOTES"},{"id": 6, "conditions": "QUOTES"},{"id": 7, "conditions": "QUOTES"}], "language": "php", "attack": "sql_injection", "cwe": "CWE_89"},
- {"name": "build_related_in", "instanceof": "SugarBean", "parameters": [{"id": 1, "conditions": "QUOTES"}], "language": "php", "attack": "sql_injection", "cwe": "CWE_89"},
- {"name": "build_related_list2", "instanceof": "SugarBean", "parameters": [{"id": 1, "conditions": "QUOTES"}], "language": "php", "attack": "sql_injection", "cwe": "CWE_89"},
- {"name": "set_relationship", "instanceof": "SugarBean", "parameters": [{"id": 1, "conditions": "QUOTES"},{"id": 2, "conditions": "QUOTES"},{"id": 5, "conditions": "QUOTES"}], "language": "php", "attack": "sql_injection", "cwe": "CWE_89"},
- {"name": "retrieve_relationships", "instanceof": "SugarBean", "parameters": [{"id": 1, "conditions": "QUOTES"},{"id": 2, "conditions": "QUOTES"},{"id": 3, "conditions": "QUOTES"}], "language": "php", "attack": "sql_injection", "cwe": "CWE_89"},
- {"name": "get_union_related_list", "instanceof": "SugarBean", "parameters": [{"id": 2, "conditions": "QUOTES"},{"id": 3, "conditions": "QUOTES"}], "language": "php", "attack": "sql_injection", "cwe": "CWE_89"},
- {"name": "get_list", "instanceof": "SugarBean", "parameters": [{"id": 1, "conditions": "QUOTES"},{"id": 2, "conditions": "QUOTES"}], "language": "php", "attack": "sql_injection", "cwe": "CWE_89"},
- {"name": "get_related_list", "instanceof": "SugarBean", "parameters": [{"id": 3, "conditions": "QUOTES"},{"id": 4, "conditions": "QUOTES"}], "language": "php", "attack": "sql_injection", "cwe": "CWE_89"},
- {"name": "get_detail", "instanceof": "SugarBean", "parameters": [{"id": 1, "conditions": "QUOTES"},{"id": 2, "conditions": "QUOTES"}], "language": "php", "attack": "sql_injection", "cwe": "CWE_89"},
- {"name": "get_full_list", "instanceof": "SugarBean", "parameters": [{"id": 1, "conditions": "QUOTES"},{"id": 2, "conditions": "QUOTES"}], "language": "php", "attack": "sql_injection", "cwe": "CWE_89"},
- {"name": "getTotalCount", "instanceof": "ListViewData", "parameters": [{"id": 1, "conditions": "QUOTES"}], "language": "php", "attack": "sql_injection", "cwe": "CWE_89"},
- {"name": "getListViewData", "instanceof": "ListViewData", "parameters": [{"id": 2, "conditions": "QUOTES"}], "language": "php", "attack": "sql_injection", "cwe": "CWE_89"},
- {"name": "getUsersMailerForSystemOverride", "instanceof": "OutboundEmail", "parameters": [{"id": 1, "conditions": "QUOTES"}], "language": "php", "attack": "sql_injection", "cwe": "CWE_89"},
- {"name": "getUserMailers", "instanceof": "OutboundEmail", "parameters": [{"id": 1, "conditions": "QUOTES"}], "language": "php", "attack": "sql_injection", "cwe": "CWE_89"},
- {"name": "getUserMailerSettings", "instanceof": "OutboundEmail", "parameters": [{"id": 2, "conditions": "QUOTES"},{"id": 3, "conditions": "QUOTES"}], "language": "php", "attack": "sql_injection", "cwe": "CWE_89"},
- {"name": "getInboundMailerSettings", "instanceof": "OutboundEmail", "parameters": [{"id": 2, "conditions": "QUOTES"},{"id": 3, "conditions": "QUOTES"}], "language": "php", "attack": "sql_injection", "cwe": "CWE_89"},
- {"name": "retrieve", "instanceof": "OutboundEmail", "parameters": [{"id": 1, "conditions": "QUOTES"}], "language": "php", "attack": "sql_injection", "cwe": "CWE_89"},
- {"name": "search", "instanceof": "SugarSpot", "parameters": [{"id": 1, "conditions": "QUOTES"}], "language": "php", "attack": "sql_injection", "cwe": "CWE_89"},
- {"name": "getData", "instanceof": "SugarChart", "parameters": [{"id": 1, "conditions": "QUOTES"}], "language": "php", "attack": "sql_injection", "cwe": "CWE_89"},
- {"name": "deleteEmailFromAllFolder", "instanceof": "SugarFolder", "parameters": [{"id": 1, "conditions": "QUOTES"}], "language": "php", "attack": "sql_injection", "cwe": "CWE_89"},
- {"name": "deleteEmailFromFolder", "instanceof": "SugarFolder", "parameters": [{"id": 1, "conditions": "QUOTES"}], "language": "php", "attack": "sql_injection", "cwe": "CWE_89"},
- {"name": "checkEmailExistForFolder", "instanceof": "SugarFolder", "parameters": [{"id": 1, "conditions": "QUOTES"}], "language": "php", "attack": "sql_injection", "cwe": "CWE_89"},
- {"name": "getAllHTML", "instanceof": "SuiteMozaik", "parameters": [{"id": 5, "conditions": "QUOTES"}], "language": "php", "attack": "sql_injection", "cwe": "CWE_89"},
- {"name": "addActions", "instanceof": "ACLAction", "parameters": [{"id": 1, "conditions": "QUOTES"},{"id": 2, "conditions": "QUOTES"}], "language": "php", "attack": "sql_injection", "cwe": "CWE_89"},
- {"name": "removeActions", "instanceof": "ACLAction", "parameters": [{"id": 1, "conditions": "QUOTES"},{"id": 2, "conditions": "QUOTES"}], "language": "php", "attack": "sql_injection", "cwe": "CWE_89"},
- {"name": "getDefaultActions", "instanceof": "ACLAction", "parameters": [{"id": 1, "conditions": "QUOTES"},{"id": 2, "conditions": "QUOTES"}], "language": "php", "attack": "sql_injection", "cwe": "CWE_89"},
- {"name": "getUserActions", "instanceof": "ACLAction", "parameters": [{"id": 1, "conditions": "QUOTES"},{"id": 3, "conditions": "QUOTES"},{"id": 4, "conditions": "QUOTES"},{"id": 5, "conditions": "QUOTES"}], "language": "php", "attack": "sql_injection", "cwe": "CWE_89"},
- {"name": "getUserRoles", "instanceof": "ACLRole", "parameters": [{"id": 1, "conditions": "QUOTES"}], "language": "php", "attack": "sql_injection", "cwe": "CWE_89"},
- {"name": "getUserRoleNames", "instanceof": "ACLRole", "parameters": [{"id": 1, "conditions": "QUOTES"}], "language": "php", "attack": "sql_injection", "cwe": "CWE_89"},
- {"name": "getRoleActions", "instanceof": "ACLRole", "parameters": [{"id": 1, "conditions": "QUOTES"}], "language": "php", "attack": "sql_injection", "cwe": "CWE_89"},
- {"name": "mark_relationships_deleted", "instanceof": "ACLRole", "parameters": [{"id": 1, "conditions": "QUOTES"}], "language": "php", "attack": "sql_injection", "cwe": "CWE_89"},
- {"name": "getRecipients", "instanceof": "EmailReminder", "parameters": [{"id": 1, "conditions": "QUOTES"}], "language": "php", "attack": "sql_injection", "cwe": "CWE_89"},
- {"name": "retrieveSettings", "instanceof": "Administration", "parameters": [{"id": 1, "conditions": "QUOTES"}], "language": "php", "attack": "sql_injection", "cwe": "CWE_89"},
- {"name": "saveSetting", "instanceof": "Administration", "parameters": [{"id": 1, "conditions": "QUOTES"},{"id": 2, "conditions": "QUOTES"},{"id": 3, "conditions": "QUOTES"}], "language": "php", "attack": "sql_injection", "cwe": "CWE_89"},
- {"name": "determineIfUpgrade", "instanceof": "UpgradeHistory", "parameters": [{"id": 1, "conditions": "QUOTES"}], "language": "php", "attack": "sql_injection", "cwe": "CWE_89"},
- {"name": "retrieveTargetList", "instanceof": "Prospect", "parameters": [{"id": 1, "conditions": "QUOTES"}], "language": "php", "attack": "sql_injection", "cwe": "CWE_89"},
- {"name": "getModuleTemplates", "instanceof": "formLetter", "parameters": [{"id": 1, "conditions": "QUOTES"}], "language": "php", "attack": "sql_injection", "cwe": "CWE_89"},
- {"name": "get_user_name", "parameters": [{"id": 1, "conditions": "QUOTES"}], "language": "php", "attack": "sql_injection", "cwe": "CWE_89"},
- {"name": "get_user_array", "parameters": [{"id": 2, "conditions": "QUOTES"},{"id": 3, "conditions": "QUOTES"},{"id": 5, "conditions": "QUOTES"},{"id": 6, "conditions": "QUOTES"}], "language": "php", "attack": "sql_injection", "cwe": "CWE_89"},
- {"name": "getUserArrayFromFullName", "parameters": [{"id": 1, "conditions": "QUOTES"}], "language": "php", "attack": "sql_injection", "cwe": "CWE_89"},
- {"name": "clone_history", "parameters": [{"id": 2, "conditions": "QUOTES"}], "language": "php", "attack": "sql_injection", "cwe": "CWE_89"},
- {"name": "clone_relationship", "parameters": [{"id": 2, "conditions": "QUOTES"},{"id": 4, "conditions": "QUOTES"},{"id": 5, "conditions": "QUOTES"}], "language": "php", "attack": "sql_injection", "cwe": "CWE_89"},
- {"name": "get_bean_select_array", "parameters": [{"id": 4, "conditions": "QUOTES"},{"id": 5, "conditions": "QUOTES"},{"id": 6, "conditions": "QUOTES"}], "language": "php", "attack": "sql_injection", "cwe": "CWE_89"},
- {"name": "get_campaign_urls", "parameters": [{"id": 1, "conditions": "QUOTES"}], "language": "php", "attack": "sql_injection", "cwe": "CWE_89"},
- {"name": "check_enabled", "parameters": [{"id": 2, "conditions": "QUOTES"}], "language": "php", "attack": "sql_injection", "cwe": "CWE_89"},
- {"name": "duplicate_check", "parameters": [{"id": 2, "conditions": "QUOTES"},{"id": 3, "conditions": "QUOTES"}], "language": "php", "attack": "sql_injection", "cwe": "CWE_89"}
- ]
-}
diff --git a/package/src/uptodate_data/php/frameworks/suitecrm/sources.json b/package/src/uptodate_data/php/frameworks/suitecrm/sources.json
deleted file mode 100644
index 1b938e3b..00000000
--- a/package/src/uptodate_data/php/frameworks/suitecrm/sources.json
+++ /dev/null
@@ -1,4 +0,0 @@
-{
- "sources": [
- ]
-}
diff --git a/package/src/uptodate_data/php/frameworks/symfony/rules.json b/package/src/uptodate_data/php/frameworks/symfony/rules.json
index 4b799bea..c211e7c2 100644
--- a/package/src/uptodate_data/php/frameworks/symfony/rules.json
+++ b/package/src/uptodate_data/php/frameworks/symfony/rules.json
@@ -1,8 +1,17 @@
{
- "custom_rules": [{
+ "custom_rules": [
+ {
+ "name": "headers",
+ "instanceof": "Symfony\\Component\\HttpFoundation\\Response",
+ "description": "access headers of the symfony response",
+ "language": "php",
+ "action": "DEFINE_OBJECT",
+ "extra": "ResponseHeadersSymfony"
+ },
+ {
"name": "set",
"is_function": true,
- "instanceof": "Symfony\\Component\\HttpFoundation\\Response->headers",
+ "instanceof": "ResponseHeadersSymfony",
"parameters":
[
{"id": 1, "fixed": true, "valid_by_default": true, "values":
diff --git a/package/src/uptodate_data/php/frameworks/wordpress/rules.json b/package/src/uptodate_data/php/frameworks/wordpress/rules.json
deleted file mode 100644
index 8b137891..00000000
--- a/package/src/uptodate_data/php/frameworks/wordpress/rules.json
+++ /dev/null
@@ -1 +0,0 @@
-
diff --git a/package/src/uptodate_data/php/frameworks/wordpress/sanitizers.json b/package/src/uptodate_data/php/frameworks/wordpress/sanitizers.json
deleted file mode 100644
index 3982e466..00000000
--- a/package/src/uptodate_data/php/frameworks/wordpress/sanitizers.json
+++ /dev/null
@@ -1,34 +0,0 @@
-{
- "sanitizers": [
- {"name": "addslashes_gpc", "language": "php", "prevent": ["sql_injection", "command_injection", "QUOTES"]},
- {"name": "esc_attr", "language": "php", "prevent": ["xss", "sql_injection", "command_injection", "QUOTES"]},
- {"name": "esc_attr__", "language": "php", "prevent": ["xss", "sql_injection", "command_injection", "QUOTES"]},
- {"name": "esc_attr_x", "language": "php", "prevent": ["xss", "sql_injection", "command_injection", "QUOTES"]},
- {"name": "esc_html", "language": "php", "prevent": ["xss", "sql_injection", "command_injection", "QUOTES"]},
- {"name": "esc_html__", "language": "php", "prevent": ["xss", "sql_injection", "command_injection", "QUOTES"]},
- {"name": "esc_html_x", "language": "php", "prevent": ["xss", "sql_injection", "command_injection", "QUOTES"]},
- {"name": "esc_js", "language": "php", "prevent": ["xss", "sql_injection", "command_injection", "QUOTES"]},
- {"name": "esc_sql", "language": "php", "prevent": ["sql_injection", "command_injection", "QUOTES"]},
- {"name": "esc_textarea", "language": "php", "prevent": ["xss", "sql_injection", "command_injection", "QUOTES"]},
- {"name": "format_to_post", "language": "php", "prevent": ["sql_injection", "command_injection", "QUOTES"]},
- {"name": "htmlentities2", "language": "php", "prevent": ["xss", "sql_injection", "command_injection", "QUOTES"]},
- {"name": "sanitize_email", "language": "php", "prevent": ["ALL"]},
- {"name": "sanitize_file_name", "language": "php", "prevent": ["ALL"]},
- {"name": "sanitize_html_class", "language": "php", "prevent": ["ALL"]},
- {"name": "sanitize_key", "language": "php", "prevent": ["ALL"]},
- {"name": "sanitize_mime_type", "language": "php", "prevent": ["ALL"]},
- {"name": "sanitize_option", "language": "php", "prevent": ["ALL"]},
- {"name": "sanitize_sql_orderby", "language": "php", "prevent": ["ALL"]},
- {"name": "sanitize_text_field", "language": "php", "prevent": ["ALL"]},
- {"name": "sanitize_title", "language": "php", "prevent": ["ALL"]},
- {"name": "sanitize_title_for_query", "language": "php", "prevent": ["ALL"]},
- {"name": "sanitize_trackback_urls", "language": "php", "prevent": ["ALL"]},
- {"name": "sanitize_user", "language": "php", "prevent": ["ALL"]},
- {"name": "tag_escape", "language": "php", "prevent": ["ALL"]},
- {"name": "wp_htmledit_pre", "language": "php", "prevent": ["xss"]},
- {"name": "wp_html_excerpt", "language": "php", "prevent": ["xss"]},
- {"name": "_wp_specialchars", "language": "php", "prevent": ["xss", "sql_injection", "command_injection", "QUOTES"]},
- {"name": "wp_specialchars", "language": "php", "prevent": ["xss", "sql_injection", "command_injection", "QUOTES"]},
- {"name": "zeroise", "language": "php","prevent": ["ALL"]}
- ]
-}
diff --git a/package/src/uptodate_data/php/frameworks/wordpress/sinks.json b/package/src/uptodate_data/php/frameworks/wordpress/sinks.json
deleted file mode 100644
index 959177f9..00000000
--- a/package/src/uptodate_data/php/frameworks/wordpress/sinks.json
+++ /dev/null
@@ -1,5 +0,0 @@
-{
- "sinks": [
- {"name": "query", "instanceof": "wpdb", "parameters": [{"id": 1, "conditions": "QUOTES"}], "language": "php", "attack": "sql_injection", "cwe": "CWE_89"}
- ]
-}
diff --git a/package/src/uptodate_data/php/frameworks/wordpress/sources.json b/package/src/uptodate_data/php/frameworks/wordpress/sources.json
deleted file mode 100644
index db583d03..00000000
--- a/package/src/uptodate_data/php/frameworks/wordpress/sources.json
+++ /dev/null
@@ -1,9 +0,0 @@
-{
- "sources": [
- {"name": "get_col", "is_function": true, "instanceof": "wpdb", "language": "php"},
- {"name": "get_results", "is_object": true, "is_function": true, "instanceof": "wpdb", "language": "php"},
- {"name": "get_row", "is_function": true, "instanceof": "wpdb", "language": "php"},
- {"name": "get_var", "is_function": true, "instanceof": "wpdb", "language": "php"},
- {"name": "query", "is_function": true, "instanceof": "wpdb", "language": "php"}
- ]
-}
diff --git a/package/src/uptodate_data/php/frameworks/wordpress/validators.json b/package/src/uptodate_data/php/frameworks/wordpress/validators.json
deleted file mode 100644
index ccfae9bd..00000000
--- a/package/src/uptodate_data/php/frameworks/wordpress/validators.json
+++ /dev/null
@@ -1,9 +0,0 @@
-{
- "validators": [
- {"name": "is_email", "language": "php", "parameters":
- [
- {"id": 1, "conditions": "valid"}
- ]
- }
- ]
-}
diff --git a/package/src/uptodate_data/php/rules.json b/package/src/uptodate_data/php/rules.json
index b4ed7aee..0c74f686 100644
--- a/package/src/uptodate_data/php/rules.json
+++ b/package/src/uptodate_data/php/rules.json
@@ -79,6 +79,13 @@
"max_nb_args": 3,
"parameters":
[
+ {"id": 2, "sufficient": true, "fail_if_not_verified": false, "notequals": true, "values":
+ [
+ {"value" : ""},
+ {"value" : "null"},
+ {"value" : "NULL"}
+ ]
+ },
{"id": 3, "valid_by_default": false, "values":
[
{"value" : "FALSE", "is_array": true, "array_index": "secure"},
@@ -98,6 +105,13 @@
"max_nb_args": 3,
"parameters":
[
+ {"id": 2, "sufficient": true, "fail_if_not_verified": false, "notequals": true, "values":
+ [
+ {"value" : ""},
+ {"value" : "null"},
+ {"value" : "NULL"}
+ ]
+ },
{"id": 3, "valid_by_default": false, "values":
[
{"value" : "FALSE", "is_array": true, "array_index": "httponly"},
@@ -117,6 +131,12 @@
"min_nb_args": 4,
"parameters":
[
+ {"id": 2, "sufficient": true, "fail_if_not_verified": false, "values":
+ [
+ {"value" : ""},
+ {"value" : "null"}
+ ]
+ },
{"id": 7, "values":
[
{"value" : "true"},
@@ -136,6 +156,12 @@
"min_nb_args": 4,
"parameters":
[
+ {"id": 2, "sufficient": true, "fail_if_not_verified": false, "values":
+ [
+ {"value" : ""},
+ {"value" : "null"}
+ ]
+ },
{"id": 6, "values":
[
{"value" : "true"},
diff --git a/package/src/uptodate_data/php/sanitizers.json b/package/src/uptodate_data/php/sanitizers.json
index 9f40e657..58a29eed 100644
--- a/package/src/uptodate_data/php/sanitizers.json
+++ b/package/src/uptodate_data/php/sanitizers.json
@@ -103,6 +103,7 @@
{"name": "decoct", "language": "php", "prevent": ["ALL"]},
{"name": "hexdec", "language": "php", "prevent": ["ALL"]},
{"name": "rand", "language": "php", "prevent": ["ALL"]},
+ {"name": "realpath", "language": "php", "prevent": ["ALL"]},
{"name": "max", "language": "php", "prevent": ["ALL"]},
{"name": "min", "language": "php", "prevent": ["ALL"]},
{"name": "metaphone", "language": "php", "prevent": ["ALL"]},
@@ -143,7 +144,8 @@
[
{"value" : "/'/", "prevent" : ["command_injection", "ldap_injection", "sql_injection", "QUOTES"]},
{"value" : "/\\W/si", "prevent" : ["command_injection", "ldap_injection", "sql_injection", "QUOTES"]},
- {"value" : "/[^a-zA-Z0-9_\\ -]/", "prevent" : ["command_injection", "ldap_injection", "sql_injection", "QUOTES"]}
+ {"value" : "/[^a-zA-Z0-9_\\ -]/", "prevent" : ["command_injection", "ldap_injection", "sql_injection", "QUOTES"]},
+ {"value" : "|a-z0-d9 _.-|i", "prevent" : ["ALL"]}
]}
]
}
diff --git a/package/src/uptodate_data/php/sinks.json b/package/src/uptodate_data/php/sinks.json
index 773c4b07..29a81b60 100644
--- a/package/src/uptodate_data/php/sinks.json
+++ b/package/src/uptodate_data/php/sinks.json
@@ -1,7 +1,7 @@
{
"sinks": [
- {"name": "setcookie", "parameters": [{"id": 2}], "language": "php", "attack": "session_fixation", "cwe": "CWE_384"},
- {"name": "setrawcookie", "parameters": [{"id": 2}], "language": "php", "attack": "session_fixation", "cwe": "CWE_384"},
+ {"name": "setcookie", "parameters": [{"id": 1}], "language": "php", "attack": "session_fixation", "cwe": "CWE_384"},
+ {"name": "setrawcookie", "parameters": [{"id": 1}], "language": "php", "attack": "session_fixation", "cwe": "CWE_384"},
{"name": "session_id", "parameters": [{"id": 1}], "language": "php", "attack": "session_fixation", "cwe": "CWE_384"},
{"name": "echo", "conditions": "QUOTES_HTML", "language": "php", "attack": "xss", "cwe": "CWE_79"},
@@ -24,60 +24,6 @@
{"name": "set_include_path", "parameters": [{"id": 1}], "language": "php", "attack": "file_inclusion", "cwe": "CWE_98"},
{"name": "virtual", "parameters": [{"id": 1}], "language": "php", "attack": "file_inclusion", "cwe": "CWE_98"},
- {"name": "bzread", "parameters": [{"id": 1}], "language": "php", "attack": "file_disclosure", "cwe": "CWE_200"},
- {"name": "bzflush", "parameters": [{"id": 1}], "language": "php", "attack": "file_disclosure", "cwe": "CWE_200"},
- {"name": "dio_read", "parameters": [{"id": 1}], "language": "php", "attack": "file_disclosure", "cwe": "CWE_200"},
- {"name": "eio_readdir", "parameters": [{"id": 1}], "language": "php", "attack": "file_disclosure", "cwe": "CWE_200"},
- {"name": "fdf_open", "parameters": [{"id": 1}], "language": "php", "attack": "file_disclosure", "cwe": "CWE_200"},
- {"name": "file", "parameters": [{"id": 1}], "language": "php", "attack": "file_disclosure", "cwe": "CWE_200"},
- {"name": "file_get_contents", "parameters": [{"id": 1}], "language": "php", "attack": "file_disclosure", "cwe": "CWE_200"},
- {"name": "finfo_file", "parameters": [{"id": 1}, {"id": 2}], "language": "php", "attack": "file_disclosure", "cwe": "CWE_200"},
- {"name": "fflush", "parameters": [{"id": 1}], "language": "php", "attack": "file_disclosure", "cwe": "CWE_200"},
- {"name": "fgetc", "parameters": [{"id": 1}], "language": "php", "attack": "file_disclosure", "cwe": "CWE_200"},
- {"name": "fgetcsv", "parameters": [{"id": 1}], "language": "php", "attack": "file_disclosure", "cwe": "CWE_200"},
- {"name": "fgets", "parameters": [{"id": 1}], "language": "php", "attack": "file_disclosure", "cwe": "CWE_200"},
- {"name": "fgetss", "parameters": [{"id": 1}], "language": "php", "attack": "file_disclosure", "cwe": "CWE_200"},
- {"name": "fread", "parameters": [{"id": 1}], "language": "php", "attack": "file_disclosure", "cwe": "CWE_200"},
- {"name": "fpassthru", "parameters": [{"id": 1}, {"id": 2}], "language": "php", "attack": "file_disclosure", "cwe": "CWE_200"},
- {"name": "fscanf", "parameters": [{"id": 1}], "language": "php", "attack": "file_disclosure", "cwe": "CWE_200"},
- {"name": "ftok", "parameters": [{"id": 1}], "language": "php", "attack": "file_disclosure", "cwe": "CWE_200"},
- {"name": "get_meta_tags", "parameters": [{"id": 1}], "language": "php", "attack": "file_disclosure", "cwe": "CWE_200"},
- {"name": "glob", "parameters": [{"id": 1}], "language": "php", "attack": "file_disclosure", "cwe": "CWE_200"},
- {"name": "gzfile", "parameters": [{"id": 1}], "language": "php", "attack": "file_disclosure", "cwe": "CWE_200"},
- {"name": "gzgetc", "parameters": [{"id": 1}], "language": "php", "attack": "file_disclosure", "cwe": "CWE_200"},
- {"name": "gzgets", "parameters": [{"id": 1}], "language": "php", "attack": "file_disclosure", "cwe": "CWE_200"},
- {"name": "gzgetss", "parameters": [{"id": 1}], "language": "php", "attack": "file_disclosure", "cwe": "CWE_200"},
- {"name": "gzread", "parameters": [{"id": 1}], "language": "php", "attack": "file_disclosure", "cwe": "CWE_200"},
- {"name": "gzpassthru", "parameters": [{"id": 1}], "language": "php", "attack": "file_disclosure", "cwe": "CWE_200"},
- {"name": "highlight_file", "parameters": [{"id": 1}], "language": "php", "attack": "file_disclosure", "cwe": "CWE_200"},
- {"name": "imagecreatefrompng", "parameters": [{"id": 1}], "language": "php", "attack": "file_disclosure", "cwe": "CWE_200"},
- {"name": "imagecreatefromjpg", "parameters": [{"id": 1}], "language": "php", "attack": "file_disclosure", "cwe": "CWE_200"},
- {"name": "imagecreatefromgif", "parameters": [{"id": 1}], "language": "php", "attack": "file_disclosure", "cwe": "CWE_200"},
- {"name": "imagecreatefromgd2", "parameters": [{"id": 1}], "language": "php", "attack": "file_disclosure", "cwe": "CWE_200"},
- {"name": "imagecreatefromgd2part", "parameters": [{"id": 1}], "language": "php", "attack": "file_disclosure", "cwe": "CWE_200"},
- {"name": "imagecreatefromgd", "parameters": [{"id": 1}], "language": "php", "attack": "file_disclosure", "cwe": "CWE_200"},
- {"name": "opendir", "parameters": [{"id": 1}], "language": "php", "attack": "file_disclosure", "cwe": "CWE_200"},
- {"name": "parse_ini_file", "parameters": [{"id": 1}], "language": "php", "attack": "file_disclosure", "cwe": "CWE_200"},
- {"name": "php_strip_whitespace", "parameters": [{"id": 1}], "language": "php", "attack": "file_disclosure", "cwe": "CWE_200"},
- {"name": "readfile", "parameters": [{"id": 1}], "language": "php", "attack": "file_disclosure", "cwe": "CWE_200"},
- {"name": "readgzfile", "parameters": [{"id": 1}], "language": "php", "attack": "file_disclosure", "cwe": "CWE_200"},
- {"name": "readlink", "parameters": [{"id": 1}], "language": "php", "attack": "file_disclosure", "cwe": "CWE_200"},
- {"name": "scandir", "parameters": [{"id": 1}], "language": "php", "attack": "file_disclosure", "cwe": "CWE_200"},
- {"name": "show_source", "parameters": [{"id": 1}], "language": "php", "attack": "file_disclosure", "cwe": "CWE_200"},
- {"name": "simplexml_load_file", "parameters": [{"id": 1}], "language": "php", "attack": "file_disclosure", "cwe": "CWE_200"},
- {"name": "stream_get_contents", "parameters": [{"id": 1}], "language": "php", "attack": "file_disclosure", "cwe": "CWE_200"},
- {"name": "stream_get_line", "parameters": [{"id": 1}], "language": "php", "attack": "file_disclosure", "cwe": "CWE_200"},
- {"name": "xdiff_file_bdiff", "parameters": [{"id": 1}, {"id": 2}], "language": "php", "attack": "file_disclosure", "cwe": "CWE_200"},
- {"name": "xdiff_file_bpatch", "parameters": [{"id": 1}, {"id": 2}], "language": "php", "attack": "file_disclosure", "cwe": "CWE_200"},
- {"name": "xdiff_file_diff_binary", "parameters": [{"id": 1}, {"id": 2}], "language": "php", "attack": "file_disclosure", "cwe": "CWE_200"},
- {"name": "xdiff_file_diff", "parameters": [{"id": 1}, {"id": 2}], "language": "php", "attack": "file_disclosure", "cwe": "CWE_200"},
- {"name": "xdiff_file_merge3", "parameters": [{"id": 1}, {"id": 2}], "language": "php", "attack": "file_disclosure", "cwe": "CWE_200"},
- {"name": "xdiff_file_patch_binary", "parameters": [{"id": 1}, {"id": 2}], "language": "php", "attack": "file_disclosure", "cwe": "CWE_200"},
- {"name": "xdiff_file_patch", "parameters": [{"id": 1}, {"id": 2}], "language": "php", "attack": "file_disclosure", "cwe": "CWE_200"},
- {"name": "xdiff_file_rabdiff", "parameters": [{"id": 1}, {"id": 2}], "language": "php", "attack": "file_disclosure", "cwe": "CWE_200"},
- {"name": "yaml_parse_file", "parameters": [{"id": 1}], "language": "php", "attack": "file_disclosure", "cwe": "CWE_200"},
- {"name": "zip_open", "parameters": [{"id": 1}], "language": "php", "attack": "file_disclosure", "cwe": "CWE_200"},
-
{"name": "w32api_register_function", "parameters": [{"id": 1}], "language": "php", "attack": "w32api command_injection", "cwe": "CWE_78"},
{"name": "w32api_invoke_function", "parameters": [{"id": 1}], "language": "php", "attack": "w32api command_injection", "cwe": "CWE_78"},
{"name": "mb_send_mail", "parameters": [{"id": 5}], "language": "php", "attack": "mail command_injection", "cwe": "CWE_78"},
@@ -170,62 +116,82 @@
{"name": "xptr_eval", "parameters": [{"id": 2}], "language": "php", "attack": "xml_injection", "cwe": "CWE_91"},
{"name": "xpath", "instanceof": "simplexml_load_file", "parameters": [{"id": 1}], "language": "php", "attack": "xml_injection", "cwe": "CWE_91"},
- {"name": "fopen", "parameters": [{"id": 1}], "language": "php", "attack": "idor", "cwe": "CWE_862"},
- {"name": "bzwrite", "parameters": [{"id": 2}], "language": "php", "attack": "idor", "cwe": "CWE_862"},
- {"name": "chmod", "parameters": [{"id": 1}], "language": "php", "attack": "idor", "cwe": "CWE_862"},
- {"name": "chgrp", "parameters": [{"id": 1}], "language": "php", "attack": "idor", "cwe": "CWE_862"},
- {"name": "chown", "parameters": [{"id": 1}], "language": "php", "attack": "idor", "cwe": "CWE_862"},
- {"name": "copy", "parameters": [{"id": 1}], "language": "php", "attack": "idor", "cwe": "CWE_862"},
- {"name": "dio_write", "parameters": [{"id": 1}, {"id": 2}], "language": "php", "attack": "idor", "cwe": "CWE_862"},
- {"name": "eio_chmod", "parameters": [{"id": 1}], "language": "php", "attack": "idor", "cwe": "CWE_862"},
- {"name": "eio_chown", "parameters": [{"id": 1}], "language": "php", "attack": "idor", "cwe": "CWE_862"},
- {"name": "eio_mkdir", "parameters": [{"id": 1}], "language": "php", "attack": "idor", "cwe": "CWE_862"},
- {"name": "eio_mknod", "parameters": [{"id": 1}], "language": "php", "attack": "idor", "cwe": "CWE_862"},
- {"name": "eio_rmdir", "parameters": [{"id": 1}], "language": "php", "attack": "idor", "cwe": "CWE_862"},
- {"name": "eio_write", "parameters": [{"id": 1}, {"id": 2}], "language": "php", "attack": "idor", "cwe": "CWE_862"},
- {"name": "eio_unlink", "parameters": [{"id": 1}], "language": "php", "attack": "idor", "cwe": "CWE_862"},
- {"name": "error_log", "parameters": [{"id": 3}], "language": "php", "attack": "idor", "cwe": "CWE_862"},
- {"name": "event_buffer_write", "parameters": [{"id": 2}], "language": "php", "attack": "idor", "cwe": "CWE_862"},
- {"name": "file_put_contents", "parameters": [{"id": 1}, {"id": 2}], "language": "php", "attack": "idor", "cwe": "CWE_862"},
- {"name": "fputcsv", "parameters": [{"id": 1}, {"id": 2}], "language": "php", "attack": "idor", "cwe": "CWE_862"},
- {"name": "fputs", "parameters": [{"id": 1}, {"id": 2}], "language": "php", "attack": "idor", "cwe": "CWE_862"},
- {"name": "fprintf", "parameters": [{"id": 1}], "language": "php", "attack": "idor", "cwe": "CWE_862"},
- {"name": "ftruncate", "parameters": [{"id": 1}], "language": "php", "attack": "idor", "cwe": "CWE_862"},
- {"name": "fwrite", "parameters": [{"id": 2}], "language": "php", "attack": "idor", "cwe": "CWE_862"},
- {"name": "gzwrite", "parameters": [{"id": 2}], "language": "php", "attack": "idor", "cwe": "CWE_862"},
- {"name": "gzputs", "parameters": [{"id": 2}], "language": "php", "attack": "idor", "cwe": "CWE_862"},
- {"name": "loadXML", "parameters": [{"id": 1}], "language": "php", "attack": "idor", "cwe": "CWE_862"},
- {"name": "mkdir", "parameters": [{"id": 1}], "language": "php", "attack": "idor", "cwe": "CWE_862"},
- {"name": "move_uploaded_file", "parameters": [{"id": 1}, {"id": 2}], "language": "php", "attack": "idor", "cwe": "CWE_862"},
- {"name": "posix_mknod", "parameters": [{"id": 1}], "language": "php", "attack": "idor", "cwe": "CWE_862"},
- {"name": "recode_file", "parameters": [{"id": 2}, {"id": 3}], "language": "php", "attack": "idor", "cwe": "CWE_862"},
- {"name": "rename", "parameters": [{"id": 1}, {"id": 2}], "language": "php", "attack": "idor", "cwe": "CWE_862"},
- {"name": "rmdir", "parameters": [{"id": 1}], "language": "php", "attack": "idor", "cwe": "CWE_862"},
- {"name": "shmop_write", "parameters": [{"id": 2}], "language": "php", "attack": "idor", "cwe": "CWE_862"},
- {"name": "touch", "parameters": [{"id": 1}], "language": "php", "attack": "idor", "cwe": "CWE_862"},
- {"name": "unlink", "parameters": [{"id": 1}], "language": "php", "attack": "idor", "cwe": "CWE_862"},
- {"name": "vfprintf", "parameters": [{"id": 1}], "language": "php", "attack": "idor", "cwe": "CWE_862"},
- {"name": "xdiff_file_bdiff", "parameters": [{"id": 3}], "language": "php", "attack": "idor", "cwe": "CWE_862"},
- {"name": "xdiff_file_bpatch", "parameters": [{"id": 3}], "language": "php", "attack": "idor", "cwe": "CWE_862"},
- {"name": "xdiff_file_diff_binary", "parameters": [{"id": 3}], "language": "php", "attack": "idor", "cwe": "CWE_862"},
- {"name": "xdiff_file_diff", "parameters": [{"id": 3}], "language": "php", "attack": "idor", "cwe": "CWE_862"},
- {"name": "xdiff_file_merge3", "parameters": [{"id": 4}], "language": "php", "attack": "idor", "cwe": "CWE_862"},
- {"name": "xdiff_file_patch_binary", "parameters": [{"id": 3}], "language": "php", "attack": "idor", "cwe": "CWE_862"},
- {"name": "xdiff_file_patch", "parameters": [{"id": 3}], "language": "php", "attack": "idor", "cwe": "CWE_862"},
- {"name": "xdiff_file_rabdiff", "parameters": [{"id": 3}], "language": "php", "attack": "idor", "cwe": "CWE_862"},
- {"name": "yaml_emit_file", "parameters": [{"id": 1}, {"id": 2}], "language": "php", "attack": "idor", "cwe": "CWE_862"},
+ {"name": "fopen", "parameters": [{"id": 1}], "language": "php", "attack": "path_traversal", "cwe": "CWE_22"},
+ {"name": "bzopen", "parameters": [{"id": 1}], "language": "php", "attack": "path_traversal", "cwe": "CWE_22"},
+ {"name": "chmod", "parameters": [{"id": 1}], "language": "php", "attack": "path_traversal", "cwe": "CWE_22"},
+ {"name": "chgrp", "parameters": [{"id": 1}], "language": "php", "attack": "path_traversal", "cwe": "CWE_22"},
+ {"name": "chown", "parameters": [{"id": 1}], "language": "php", "attack": "path_traversal", "cwe": "CWE_22"},
+ {"name": "copy", "parameters": [{"id": 1}], "language": "php", "attack": "path_traversal", "cwe": "CWE_22"},
+ {"name": "dio_open", "parameters": [{"id": 1}], "language": "php", "attack": "path_traversal", "cwe": "CWE_22"},
+ {"name": "eio_chmod", "parameters": [{"id": 1}], "language": "php", "attack": "path_traversal", "cwe": "CWE_22"},
+ {"name": "eio_chown", "parameters": [{"id": 1}], "language": "php", "attack": "path_traversal", "cwe": "CWE_22"},
+ {"name": "eio_mkdir", "parameters": [{"id": 1}], "language": "php", "attack": "path_traversal", "cwe": "CWE_22"},
+ {"name": "eio_mknod", "parameters": [{"id": 1}], "language": "php", "attack": "path_traversal", "cwe": "CWE_22"},
+ {"name": "eio_readdir", "parameters": [{"id": 1}], "language": "php", "attack": "path_traversal", "cwe": "CWE_22"},
+ {"name": "eio_rmdir", "parameters": [{"id": 1}], "language": "php", "attack": "path_traversal", "cwe": "CWE_22"},
+ {"name": "eio_write", "parameters": [{"id": 1}, {"id": 2}], "language": "php", "attack": "path_traversal", "cwe": "CWE_22"},
+ {"name": "eio_unlink", "parameters": [{"id": 1}], "language": "php", "attack": "path_traversal", "cwe": "CWE_22"},
+ {"name": "error_log", "parameters": [{"id": 3}], "language": "php", "attack": "path_traversal", "cwe": "CWE_22"},
+ {"name": "event_buffer_write", "parameters": [{"id": 2}], "language": "php", "attack": "path_traversal", "cwe": "CWE_22"},
+ {"name": "fdf_open", "parameters": [{"id": 1}], "language": "php", "attack": "path_traversal", "cwe": "CWE_22"},
+ {"name": "file", "parameters": [{"id": 1}], "language": "php", "attack": "path_traversal", "cwe": "CWE_22"},
+ {"name": "file_get_contents", "parameters": [{"id": 1}], "language": "php", "attack": "path_traversal", "cwe": "CWE_22"},
+ {"name": "finfo_file", "parameters": [{"id": 2}], "language": "php", "attack": "path_traversal", "cwe": "CWE_22"},
+ {"name": "ftok", "parameters": [{"id": 1}], "language": "php", "attack": "path_traversal", "cwe": "CWE_22"},
+ {"name": "file_put_contents", "parameters": [{"id": 1}, {"id": 2}], "language": "php", "attack": "path_traversal", "cwe": "CWE_22"},
+ {"name": "gzopen", "parameters": [{"id": 1}], "language": "php", "attack": "path_traversal", "cwe": "CWE_22"},
+ {"name": "get_meta_tags", "parameters": [{"id": 1}], "language": "php", "attack": "path_traversal", "cwe": "CWE_22"},
+ {"name": "glob", "parameters": [{"id": 1}], "language": "php", "attack": "path_traversal", "cwe": "CWE_22"},
+ {"name": "gzfile", "parameters": [{"id": 1}], "language": "php", "attack": "path_traversal", "cwe": "CWE_22"},
+ {"name": "highlight_file", "parameters": [{"id": 1}], "language": "php", "attack": "path_traversal", "cwe": "CWE_22"},
+ {"name": "imagecreatefrompng", "parameters": [{"id": 1}], "language": "php", "attack": "path_traversal", "cwe": "CWE_22"},
+ {"name": "imagecreatefromjpg", "parameters": [{"id": 1}], "language": "php", "attack": "path_traversal", "cwe": "CWE_22"},
+ {"name": "imagecreatefromgif", "parameters": [{"id": 1}], "language": "php", "attack": "path_traversal", "cwe": "CWE_22"},
+ {"name": "imagecreatefromgd2", "parameters": [{"id": 1}], "language": "php", "attack": "path_traversal", "cwe": "CWE_22"},
+ {"name": "imagecreatefromgd2part", "parameters": [{"id": 1}], "language": "php", "attack": "path_traversal", "cwe": "CWE_22"},
+ {"name": "imagecreatefromgd", "parameters": [{"id": 1}], "language": "php", "attack": "path_traversal", "cwe": "CWE_22"},
+ {"name": "mkdir", "parameters": [{"id": 1}], "language": "php", "attack": "path_traversal", "cwe": "CWE_22"},
+ {"name": "move_uploaded_file", "parameters": [{"id": 1}, {"id": 2}], "language": "php", "attack": "path_traversal", "cwe": "CWE_22"},
+ {"name": "opendir", "parameters": [{"id": 1}], "language": "php", "attack": "path_traversal", "cwe": "CWE_22"},
+ {"name": "parse_ini_file", "parameters": [{"id": 1}], "language": "php", "attack": "path_traversal", "cwe": "CWE_22"},
+ {"name": "php_strip_whitespace", "parameters": [{"id": 1}], "language": "php", "attack": "path_traversal", "cwe": "CWE_22"},
+ {"name": "posix_mknod", "parameters": [{"id": 1}], "language": "php", "attack": "path_traversal", "cwe": "CWE_22"},
+ {"name": "readfile", "parameters": [{"id": 1}], "language": "php", "attack": "path_traversal", "cwe": "CWE_22"},
+ {"name": "readgzfile", "parameters": [{"id": 1}], "language": "php", "attack": "path_traversal", "cwe": "CWE_22"},
+ {"name": "readlink", "parameters": [{"id": 1}], "language": "php", "attack": "path_traversal", "cwe": "CWE_22"},
+ {"name": "rename", "parameters": [{"id": 1}, {"id": 2}], "language": "php", "attack": "path_traversal", "cwe": "CWE_22"},
+ {"name": "rmdir", "parameters": [{"id": 1}], "language": "php", "attack": "path_traversal", "cwe": "CWE_22"},
+ {"name": "scandir", "parameters": [{"id": 1}], "language": "php", "attack": "path_traversal", "cwe": "CWE_22"},
+ {"name": "show_source", "parameters": [{"id": 1}], "language": "php", "attack": "path_traversal", "cwe": "CWE_22"},
+ {"name": "simplexml_load_file", "parameters": [{"id": 1}], "language": "php", "attack": "path_traversal", "cwe": "CWE_22"},
+ {"name": "stream_get_contents", "parameters": [{"id": 1}], "language": "php", "attack": "path_traversal", "cwe": "CWE_22"},
+ {"name": "stream_get_line", "parameters": [{"id": 1}], "language": "php", "attack": "path_traversal", "cwe": "CWE_22"},
+ {"name": "touch", "parameters": [{"id": 1}], "language": "php", "attack": "path_traversal", "cwe": "CWE_22"},
+ {"name": "unlink", "parameters": [{"id": 1}], "language": "php", "attack": "path_traversal", "cwe": "CWE_22"},
+ {"name": "xdiff_file_bdiff", "parameters": [{"id": 3}], "language": "php", "attack": "path_traversal", "cwe": "CWE_22"},
+ {"name": "xdiff_file_bpatch", "parameters": [{"id": 3}], "language": "php", "attack": "path_traversal", "cwe": "CWE_22"},
+ {"name": "xdiff_file_diff_binary", "parameters": [{"id": 3}], "language": "php", "attack": "path_traversal", "cwe": "CWE_22"},
+ {"name": "xdiff_file_diff", "parameters": [{"id": 3}], "language": "php", "attack": "path_traversal", "cwe": "CWE_22"},
+ {"name": "xdiff_file_merge3", "parameters": [{"id": 4}], "language": "php", "attack": "path_traversal", "cwe": "CWE_22"},
+ {"name": "xdiff_file_patch_binary", "parameters": [{"id": 3}], "language": "php", "attack": "path_traversal", "cwe": "CWE_22"},
+ {"name": "xdiff_file_patch", "parameters": [{"id": 3}], "language": "php", "attack": "path_traversal", "cwe": "CWE_22"},
+ {"name": "xdiff_file_rabdiff", "parameters": [{"id": 3}], "language": "php", "attack": "path_traversal", "cwe": "CWE_22"},
+ {"name": "yaml_emit_file", "parameters": [{"id": 1}, {"id": 2}], "language": "php", "attack": "path_traversal", "cwe": "CWE_22"},
+ {"name": "yaml_parse_file", "parameters": [{"id": 1}], "language": "php", "attack": "path_traversal", "cwe": "CWE_22"},
+ {"name": "zip_open", "parameters": [{"id": 1}], "language": "php", "attack": "path_traversal", "cwe": "CWE_22"},
{"name": "header", "parameters": [{"id": 1}], "language": "php", "attack": "header_injection", "cwe": "CWE_601"},
{"name": "yaml_parse", "parameters": [{"id": 1}], "language": "php", "attack": "code_injection", "cwe": "CWE_95"},
{"name": "unserialize", "parameters": [{"id": 1}], "language": "php", "attack": "code_injection", "cwe": "CWE_95"},
- {"name": "preg_replace", "parameters": [{"id": 1}, {"id": 2}], "language": "php", "attack": "code_injection", "cwe": "CWE_95"},
- {"name": "mb_ereg_replace", "parameters": [{"id": 1}, {"id": 2}], "language": "php", "attack": "code_injection", "cwe": "CWE_95"},
- {"name": "mb_eregi_replace", "parameters": [{"id": 1}, {"id": 2}], "language": "php", "attack": "code_injection", "cwe": "CWE_95"},
- {"name": "preg_filter", "parameters": [{"id": 1}, {"id": 2}], "language": "php", "attack": "code_injection", "cwe": "CWE_95"},
{"name": "preg_replace_callback", "parameters": [{"id": 2}], "language": "php", "attack": "code_injection", "cwe": "CWE_95"},
{"name": "eval", "parameters": [{"id": 1}], "language": "php", "attack": "eval code_injection", "cwe": "CWE_95"},
{"name": "assert", "parameters": [{"id": 1}], "language": "php", "attack": "assert code_injection", "cwe": "CWE_95"},
- {"name": "create_function", "language": "php", "attack": "create_function code_injection", "cwe": "CWE_95"}
+ {"name": "create_function", "language": "php", "attack": "create_function code_injection", "cwe": "CWE_95"},
+
+ {"name": "preg_replace", "parameters": [{"id": 1}], "language": "php", "attack": "redos", "cwe": "CWE_1333"},
+ {"name": "mb_ereg_replace", "parameters": [{"id": 1}], "language": "php", "attack": "redos", "cwe": "CWE_1333"},
+ {"name": "mb_eregi_replace", "parameters": [{"id": 1}], "language": "php", "attack": "redos", "cwe": "CWE_1333"},
+ {"name": "preg_filter", "parameters": [{"id": 1}], "language": "php", "attack": "redos", "cwe": "CWE_1333"}
]
}
diff --git a/package/src/uptodate_data/php/sources.json b/package/src/uptodate_data/php/sources.json
index 91c2a5f2..3d538143 100644
--- a/package/src/uptodate_data/php/sources.json
+++ b/package/src/uptodate_data/php/sources.json
@@ -5,7 +5,7 @@
{"name": "_COOKIE", "is_array": true, "language": "php"},
{"name": "_REQUEST", "is_array": true, "language": "php"},
{"name": "_FILES", "is_array": true, "language": "php"},
- {"name": "_SERVER", "is_array": true, "language": "php"},
+ {"name": "_SERVER", "is_array": true, "array_index": ["QUERY_STRING", "HTTP_ACCEPT", "HTTP_ACCEPT_CHARSET", "HTTP_ACCEPT_ENCODING", "HTTP_ACCEPT_LANGUAGE", "HTTP_CONNECTION", "HTTP_HOST", "HTTP_REFERER", "HTTP_USER_AGENT"], "language": "php"},
{"name": "HTTP_GET_VARS", "is_array": true, "language": "php"},
{"name": "HTTP_POST_VARS", "is_array": true, "language": "php"},
{"name": "HTTP_COOKIE_VARS", "is_array": true, "language": "php"},
@@ -15,83 +15,82 @@
{"name": "HTTP_RAW_POST_DATA", "is_array": true, "language": "php"},
{"name": "argc", "language": "php"},
{"name": "argv", "is_array": true, "language": "php"},
- {"name": "shell_exec", "is_function": true, "language": "php"},
- {"name": "exec", "is_function": true, "parameters": [{"id": 2, "is_array": true, "array_index": 0}], "language": "php"},
- {"name": "fgets", "is_function": true, "language": "php"},
- {"name": "fread", "is_function": true, "language": "php"},
- {"name": "bzread", "is_function": true, "language": "php"},
- {"name": "dio_read", "is_function": true, "language": "php"},
- {"name": "exif_imagetype", "is_function": true, "language": "php"},
- {"name": "exif_read_data", "is_function": true, "language": "php"},
- {"name": "exif_thumbnail", "is_function": true, "language": "php"},
- {"name": "fgetss", "is_function": true, "language": "php"},
- {"name": "file", "is_function": true, "language": "php"},
- {"name": "file_get_contents", "is_function": true, "language": "php"},
- {"name": "get_meta_tags", "is_function": true, "language": "php"},
- {"name": "glob", "is_function": true, "language": "php"},
- {"name": "gzread", "is_function": true, "language": "php"},
- {"name": "readdir", "is_function": true, "language": "php"},
- {"name": "read_exif_data", "is_function": true, "language": "php"},
- {"name": "scandir", "is_function": true, "language": "php"},
- {"name": "zip_read", "is_function": true, "language": "php"},
- {"name": "mysql_fetch_array", "is_array": true, "is_function": true, "language": "php"},
- {"name": "mysql_fetch_assoc", "is_array": true, "is_function": true, "language": "php"},
- {"name": "mysql_fetch_object", "is_object": true, "is_function": true, "language": "php", "type": "TODO"},
- {"name": "mysql_fetch_row", "is_array": true, "is_function": true, "language": "php"},
- {"name": "mysqli_fetch_all", "is_array": true, "is_function": true, "language": "php"},
- {"name": "mysqli_fetch_array", "is_array": true, "is_function": true, "language": "php"},
- {"name": "mysqli_fetch_assoc", "is_array": true, "is_function": true, "language": "php"},
- {"name": "mysqli_fetch_object", "is_object": true, "is_function": true, "language": "php", "type": "TODO"},
- {"name": "mysqli_fetch_row", "is_array": true, "is_function": true, "language": "php"},
- {"name": "fetch_all", "is_array": true, "instanceof": "mysqli_result", "is_function": true, "language": "php"},
- {"name": "fetch_array", "is_array": true, "instanceof": "mysqli_result", "is_function": true, "language": "php"},
- {"name": "fetch_assoc", "is_array": true, "instanceof": "mysqli_result", "is_function": true, "language": "php"},
- {"name": "fetch_object", "is_object": true, "instanceof": "mysqli_result", "is_function": true, "language": "php"},
- {"name": "fetch_row", "is_array": true, "instanceof": "mysqli_result", "is_function": true, "language": "php"},
- {"name": "pg_fetch_all", "is_array": true, "is_function": true, "language": "php"},
- {"name": "pg_fetch_array", "is_array": true, "is_function": true, "language": "php"},
- {"name": "pg_fetch_assoc", "is_array": true, "is_function": true, "language": "php"},
- {"name": "pg_fetch_object", "is_object": true, "is_function": true, "language": "php", "type": "TODO"},
- {"name": "pg_fetch_result", "is_function": true, "language": "php"},
- {"name": "pg_fetch_row", "is_array": true, "is_function": true, "language": "php"},
- {"name": "sqlite_fetch_all", "is_array": true, "is_function": true, "language": "php"},
- {"name": "sqlite_fetch_array", "is_array": true, "is_function": true, "language": "php"},
- {"name": "sqlite_fetch_object", "is_object": true, "is_function": true, "language": "php", "type": "TODO"},
- {"name": "sqlite_fetch_single", "is_function": true, "language": "php"},
- {"name": "sqlite_fetch_string", "is_function": true, "language": "php"},
- {"name": "fetchArray", "instanceof": "SQLite3Result", "is_array": true, "is_function": true, "language": "php"},
- {"name": "cubrid_fetch_array", "is_array": true, "is_function": true, "language": "php"},
- {"name": "cubrid_fetch", "is_array": true, "is_function": true, "language": "php"},
- {"name": "db2_fetch_assoc", "is_array": true, "is_function": true, "language": "php"},
- {"name": "db2_fetch_array", "is_array": true, "is_function": true, "language": "php"},
- {"name": "db2_fetch_both", "is_array": true, "is_function": true, "language": "php"},
- {"name": "db2_fetch_object", "is_object": true, "is_function": true, "language": "php"},
- {"name": "db2_fetch_row ", "is_array": true, "is_function": true, "language": "php"},
- {"name": "maxdb_fetch_assoc", "is_array": true, "is_function": true, "language": "php"},
- {"name": "maxdb_fetch_array", "is_array": true, "is_function": true, "language": "php"},
- {"name": "maxdb_fetch_row", "is_array": true, "is_function": true, "language": "php"},
- {"name": "maxdb_fetch", "is_array": true, "is_function": true, "language": "php"},
- {"name": "maxdb_fetch_object ", "is_object": true, "is_function": true, "language": "php"},
- {"name": "maxdb_fetch_assoc", "instanceof": "maxdb_result", "is_array": true, "is_function": true, "language": "php"},
- {"name": "maxdb_fetch_array", "instanceof": "maxdb_result", "is_array": true, "is_function": true, "language": "php"},
- {"name": "maxdb_fetch_row", "instanceof": "maxdb_result", "is_array": true, "is_function": true, "language": "php"},
- {"name": "maxdb_fetch", "instanceof": "maxdb_result", "is_array": true, "is_function": true, "language": "php"},
- {"name": "maxdb_fetch_object ", "instanceof": "maxdb_result", "is_object": true, "is_function": true, "language": "php"},
- {"name": "ingres_fetch_assoc", "is_array": true, "is_function": true, "language": "php"},
- {"name": "ingres_fetch_array", "is_array": true, "is_function": true, "language": "php"},
- {"name": "ingres_fetch_object", "is_object": true, "is_function": true, "language": "php"},
- {"name": "ingres_fetch_row ", "is_array": true, "is_function": true, "language": "php"},
- {"name": "fbsql_fetch_assoc", "is_array": true, "is_function": true, "language": "php"},
- {"name": "fbsql_fetch_array", "is_array": true, "is_function": true, "language": "php"},
- {"name": "fbsql_fetch_object", "is_object": true, "is_function": true, "language": "php"},
- {"name": "fbsql_fetch_row", "is_array": true, "is_function": true, "language": "php"},
- {"name": "stream_get_contents", "is_function": true, "language": "php"},
- {"name": "system", "is_function": true, "language": "php"},
+ {"name": "shell_exec", "stored_payload": true, "is_function": true, "language": "php"},
+ {"name": "exec", "stored_payload": true, "is_function": true, "parameters": [{"id": 2, "is_array": true, "array_index": 0}], "language": "php"},
+ {"name": "fgets", "stored_payload": true, "is_function": true, "language": "php"},
+ {"name": "fread", "stored_payload": true, "is_function": true, "language": "php"},
+ {"name": "bzread", "stored_payload": true, "is_function": true, "language": "php"},
+ {"name": "dio_read", "stored_payload": true, "is_function": true, "language": "php"},
+ {"name": "exif_imagetype", "stored_payload": true, "is_function": true, "language": "php"},
+ {"name": "exif_read_data", "stored_payload": true, "is_function": true, "language": "php"},
+ {"name": "exif_thumbnail", "stored_payload": true, "is_function": true, "language": "php"},
+ {"name": "fgetss", "stored_payload": true, "is_function": true, "language": "php"},
+ {"name": "file", "stored_payload": true, "is_function": true, "language": "php"},
+ {"name": "file_get_contents", "stored_payload": true, "is_function": true, "language": "php"},
+ {"name": "get_meta_tags", "stored_payload": true, "is_function": true, "language": "php"},
+ {"name": "glob", "stored_payload": true, "is_function": true, "language": "php"},
+ {"name": "gzread", "stored_payload": true, "is_function": true, "language": "php"},
+ {"name": "readdir", "stored_payload": true, "is_function": true, "language": "php"},
+ {"name": "read_exif_data", "stored_payload": true, "is_function": true, "language": "php"},
+ {"name": "scandir", "stored_payload": true, "is_function": true, "language": "php"},
+ {"name": "zip_read", "stored_payload": true, "is_function": true, "language": "php"},
+ {"name": "mysql_fetch_array", "stored_payload": true, "is_array": true, "is_function": true, "language": "php"},
+ {"name": "mysql_fetch_assoc", "stored_payload": true, "is_array": true, "is_function": true, "language": "php"},
+ {"name": "mysql_fetch_object", "stored_payload": true, "is_arrayof_objects": true, "is_function": true, "language": "php", "type": "TODO"},
+ {"name": "mysql_fetch_row", "stored_payload": true, "is_array": true, "is_function": true, "language": "php"},
+ {"name": "mysqli_fetch_all", "stored_payload": true, "is_array": true, "is_function": true, "language": "php"},
+ {"name": "mysqli_fetch_array", "stored_payload": true, "is_array": true, "is_function": true, "language": "php"},
+ {"name": "mysqli_fetch_assoc", "stored_payload": true, "is_array": true, "is_function": true, "language": "php"},
+ {"name": "mysqli_fetch_object", "stored_payload": true, "is_object": true, "is_function": true, "language": "php", "type": "TODO"},
+ {"name": "mysqli_fetch_row", "stored_payload": true, "is_array": true, "is_function": true, "language": "php"},
+ {"name": "fetch_all", "stored_payload": true, "is_array": true, "instanceof": "mysqli_result", "is_function": true, "language": "php"},
+ {"name": "fetch_array", "stored_payload": true, "is_array": true, "instanceof": "mysqli_result", "is_function": true, "language": "php"},
+ {"name": "fetch_assoc", "stored_payload": true, "is_array": true, "instanceof": "mysqli_result", "is_function": true, "language": "php"},
+ {"name": "fetch_object", "stored_payload": true, "is_object": true, "instanceof": "mysqli_result", "is_function": true, "language": "php"},
+ {"name": "fetch_row", "stored_payload": true, "is_array": true, "instanceof": "mysqli_result", "is_function": true, "language": "php"},
+ {"name": "pg_fetch_all", "stored_payload": true, "is_array": true, "is_function": true, "language": "php"},
+ {"name": "pg_fetch_array", "stored_payload": true, "is_array": true, "is_function": true, "language": "php"},
+ {"name": "pg_fetch_assoc", "stored_payload": true, "is_array": true, "is_function": true, "language": "php"},
+ {"name": "pg_fetch_object", "stored_payload": true, "is_object": true, "is_function": true, "language": "php", "type": "TODO"},
+ {"name": "pg_fetch_result", "stored_payload": true, "is_function": true, "language": "php"},
+ {"name": "pg_fetch_row", "stored_payload": true, "is_array": true, "is_function": true, "language": "php"},
+ {"name": "sqlite_fetch_all", "stored_payload": true, "is_array": true, "is_function": true, "language": "php"},
+ {"name": "sqlite_fetch_array", "stored_payload": true, "is_array": true, "is_function": true, "language": "php"},
+ {"name": "sqlite_fetch_object", "stored_payload": true, "is_object": true, "is_function": true, "language": "php", "type": "TODO"},
+ {"name": "sqlite_fetch_single", "stored_payload": true, "is_function": true, "language": "php"},
+ {"name": "sqlite_fetch_string", "stored_payload": true, "is_function": true, "language": "php"},
+ {"name": "fetchArray", "stored_payload": true, "instanceof": "SQLite3Result", "is_array": true, "is_function": true, "language": "php"},
+ {"name": "cubrid_fetch_array", "stored_payload": true, "is_array": true, "is_function": true, "language": "php"},
+ {"name": "cubrid_fetch", "stored_payload": true, "is_array": true, "is_function": true, "language": "php"},
+ {"name": "db2_fetch_assoc", "stored_payload": true, "is_array": true, "is_function": true, "language": "php"},
+ {"name": "db2_fetch_array", "stored_payload": true, "is_array": true, "is_function": true, "language": "php"},
+ {"name": "db2_fetch_both", "stored_payload": true, "is_array": true, "is_function": true, "language": "php"},
+ {"name": "db2_fetch_object", "stored_payload": true, "is_object": true, "is_function": true, "language": "php"},
+ {"name": "db2_fetch_row ", "stored_payload": true, "is_array": true, "is_function": true, "language": "php"},
+ {"name": "maxdb_fetch_assoc", "stored_payload": true, "is_array": true, "is_function": true, "language": "php"},
+ {"name": "maxdb_fetch_array", "stored_payload": true, "is_array": true, "is_function": true, "language": "php"},
+ {"name": "maxdb_fetch_row", "stored_payload": true, "is_array": true, "is_function": true, "language": "php"},
+ {"name": "maxdb_fetch", "stored_payload": true, "is_array": true, "is_function": true, "language": "php"},
+ {"name": "maxdb_fetch_object", "stored_payload": true, "is_object": true, "is_function": true, "language": "php"},
+ {"name": "maxdb_fetch_assoc", "stored_payload": true, "instanceof": "maxdb_result", "is_array": true, "is_function": true, "language": "php"},
+ {"name": "maxdb_fetch_array", "stored_payload": true, "instanceof": "maxdb_result", "is_array": true, "is_function": true, "language": "php"},
+ {"name": "maxdb_fetch_row", "stored_payload": true, "instanceof": "maxdb_result", "is_array": true, "is_function": true, "language": "php"},
+ {"name": "maxdb_fetch", "stored_payload": true, "instanceof": "maxdb_result", "is_array": true, "is_function": true, "language": "php"},
+ {"name": "maxdb_fetch_object", "stored_payload": true, "instanceof": "maxdb_result", "is_object": true, "is_function": true, "language": "php"},
+ {"name": "ingres_fetch_assoc", "stored_payload": true, "is_array": true, "is_function": true, "language": "php"},
+ {"name": "ingres_fetch_array", "stored_payload": true, "is_array": true, "is_function": true, "language": "php"},
+ {"name": "ingres_fetch_object", "stored_payload": true, "is_object": true, "is_function": true, "language": "php"},
+ {"name": "ingres_fetch_row", "stored_payload": true, "is_array": true, "is_function": true, "language": "php"},
+ {"name": "fbsql_fetch_assoc", "stored_payload": true, "is_array": true, "is_function": true, "language": "php"},
+ {"name": "fbsql_fetch_array", "stored_payload": true, "is_array": true, "is_function": true, "language": "php"},
+ {"name": "fbsql_fetch_object", "stored_payload": true, "is_object": true, "is_function": true, "language": "php"},
+ {"name": "fbsql_fetch_row", "stored_payload": true, "is_array": true, "is_function": true, "language": "php"},
+ {"name": "stream_get_contents", "stored_payload": true, "is_function": true, "language": "php"},
+ {"name": "system", "stored_payload": true, "is_function": true, "language": "php"},
{"name": "get_headers", "is_function": true, "language": "php"},
{"name": "getallheaders", "is_function": true, "language": "php"},
{"name": "get_browser", "is_function": true, "language": "php"},
{"name": "getenv", "is_function": true, "language": "php"},
- {"name": "gethostbyaddr", "is_function": true, "language": "php"},
{"name": "runkit_superglobals", "is_function": true, "language": "php"},
{"name": "import_request_variables", "is_function": true, "language": "php"}
]
diff --git a/package/src/uptodate_data/php/validators.json b/package/src/uptodate_data/php/validators.json
index 2d690fb7..8553db4b 100644
--- a/package/src/uptodate_data/php/validators.json
+++ b/package/src/uptodate_data/php/validators.json
@@ -50,6 +50,12 @@
{"name": "is_callable", "language": "php", "parameters": [{"id": 1, "conditions": "valid"}]},
{"name": "is_iterable", "language": "php", "parameters": [{"id": 1, "conditions": "valid"}]},
{"name": "is_resource", "language": "php", "parameters": [{"id": 1, "conditions": "valid"}]},
- {"name": "empty", "language": "php", "parameters": [{"id": 1, "conditions": "valid"}]}
+ {"name": "empty", "language": "php", "parameters": [{"id": 1, "conditions": "valid"}]},
+ {"name": "strstr", "language": "php", "parameters":
+ [
+ {"id": 1, "conditions": "valid"},
+ {"id": 2, "conditions": "valid"}
+ ]
+ }
]
}
diff --git a/progpilot.yml b/progpilot.yml
index 59d1411a..13be8dc3 100644
--- a/progpilot.yml
+++ b/progpilot.yml
@@ -1,40 +1,41 @@
inputs:
- setDev: false
- setLanguages:
+ dev_mode: false
+ languages:
- php
- setFrameworks:
- - suitecrm
- - codeigniter
- - wordpress
- setSources: ~
- setSinks: ~
- setValidators: ~
- setSanitizers: ~
- setCustomRules: ~
- setIncludes: ~
- setExcludes:
- exclude_folders:
- - "./projects/"
- - ".git/"
- - "./package/src/progpilot/Transformations/Js/"
- setFolder: ~
- setFile: ~
- setCode: ~
- setResolvedIncludes: ~
- setFalsePositives: ~
+ sources:
+ keep_defaults: true
+ config_files: ~
+ sinks:
+ keep_defaults: true
+ config_files: ~
+ validators:
+ keep_defaults: true
+ config_files: ~
+ sanitizers:
+ keep_defaults: true
+ config_files: ~
+ customrules:
+ keep_defaults: true
+ config_files: ~
+ inclusions:
+ - "./tests/folders/folder5/"
+ exclusions:
+ - "vendor"
+ - "node_modules"
+ - ".git/"
+ - "./projects/"
+ - "./package/src/progpilot/Transformations/Js/"
+ resolved_includes_file: ~
+ false_positives: ~
outputs:
- taintedFlow: false
- resolveIncludes: false
- resolveIncludesFile: ~
+ tainted_flow: true
+ include_failures_file: ~
options:
- setAnalyzeIncludes: true
- setAnalyzeFunctions: true
- setAnalyzeHardRules: true
- setPrintFile: false
- setPrintWarning: false
- setPrettyPrint: true
- setLimitTime: 10
- setLimitDefs: 3000
- setLimitSize: 500000
+ analyze_includes: true
+ debug_mode: false
+ pretty_print: true
+ max_file_analysis_duration: 30
+ max_definitions: 500
+ max_file_size: 1000000
diff --git a/projects/example/composer.json b/projects/example/composer.json
index 62f44111..1b47b6dd 100644
--- a/projects/example/composer.json
+++ b/projects/example/composer.json
@@ -2,8 +2,8 @@
"name": "progpilot/example",
"description": "Example of use of Progpilot",
"require": {
- "php": "^7.0.25",
- "designsecurity/progpilot": "@dev",
- "ircmaxell/php-cfg": "@dev"
+ "php": ">=7.4",
+ "designsecurity/progpilot": "^0.8.0",
+ "ircmaxell/php-cfg": "^0.6.0"
}
}
diff --git a/projects/example_config/composer.json b/projects/example_config/composer.json
index 9d620688..eb4f1ff1 100644
--- a/projects/example_config/composer.json
+++ b/projects/example_config/composer.json
@@ -8,8 +8,8 @@
}
],
"require": {
- "php": "^7.0.25",
- "progpilot/package": "@dev",
- "ircmaxell/php-cfg": "@dev"
+ "php": ">=7.4",
+ "progpilot/package": "^0.8.0",
+ "ircmaxell/php-cfg": "^0.6.0"
}
}
diff --git a/projects/example_config/configuration.yml b/projects/example_config/configuration.yml
index 61682c42..88924ae6 100644
--- a/projects/example_config/configuration.yml
+++ b/projects/example_config/configuration.yml
@@ -1,44 +1,39 @@
inputs:
- setDev: false
- setLanguages:
+ dev_mode: false
+ languages:
- php
- setFrameworks:
- - suitecrm
- - codeigniter
- - wordpress
- - prestashop
- - symfony
- setSources: ~
- setSinks: ~
- setValidators: ~
- setSanitizers: ~
- setCustomRules: ~
- setIncludes: ~
- setExcludes:
- exclude_files:
- - "/srv/www/htdocs/phpMyAdmin/libraries/tcpdf/fonts/dejavusans.php"
- exclude_folders:
- - "/srv/www/htdocs/phpMyAdmin/themes/original/"
- - "/home/eric/Téléchargements/prestashop/vendor/"
- - "/home/eric/Téléchargements/prestashop/localization/"
- setFolder: "/home/eric/Téléchargements/drupal-8.6.1/"
- setFile: ~
- setCode: ~
- setResolvedIncludes: ~
- setFalsePositives: ~
+ sources:
+ keep_defaults: true
+ config_files: ~
+ sinks:
+ keep_defaults: true
+ config_files: ~
+ validators:
+ keep_defaults: true
+ config_files: ~
+ sanitizers:
+ keep_defaults: true
+ config_files: ~
+ customrules:
+ keep_defaults: true
+ config_files: ~
+ inclusions:
+ - "/srv/www/htdocs/website/"
+ exclusions:
+ - "vendor"
+ - "node_modules"
+ - ".git"
+ resolved_includes_file: ~
+ false_positives: ~
outputs:
- taintedFlow: false
- resolveIncludes: false
- resolveIncludesFile: ~
+ tainted_flow: true
+ include_failures_file: ~
options:
- setAnalyzeIncludes: true
- setAnalyzeFunctions: true
- setAnalyzeHardRules: true
- setPrintFile: true
- setPrintWarning: false
- setPrettyPrint: true
- setLimitTime: 10
- setLimitDefs: 3000
- setLimitSize: 500000
+ analyze_includes: true
+ debug_mode: false
+ pretty_print: true
+ max_file_analysis_duration: 30
+ max_definitions: 500
+ max_file_size: 1000000
diff --git a/projects/phar/composer.json b/projects/phar/composer.json
index a0f2e7d1..1bb7c392 100644
--- a/projects/phar/composer.json
+++ b/projects/phar/composer.json
@@ -9,11 +9,12 @@
}
],
"require": {
- "php": "^7.0.25",
+ "php": ">=7.4",
"progpilot/package": "@dev",
- "ircmaxell/php-cfg": "@dev",
- "symfony/yaml": "3.3.6",
- "symfony/console": "3.3.5"
+ "ircmaxell/php-cfg": "^0.6.0",
+ "symfony/yaml": ">=3.3.6",
+ "symfony/console": ">=3.3.5",
+ "myclabs/deep-copy": "^1.10.2"
},
"bin": ["progpilot"]
}
diff --git a/projects/phar/progpilot b/projects/phar/progpilot
old mode 100644
new mode 100755
diff --git a/projects/tests/.phpunit.result.cache b/projects/tests/.phpunit.result.cache
deleted file mode 100644
index 24b0b976..00000000
--- a/projects/tests/.phpunit.result.cache
+++ /dev/null
@@ -1 +0,0 @@
-C:37:"PHPUnit\Runner\DefaultTestResultCache":83587:{a:2:{s:7:"defects";a:1:{s:43:"RunAllTest::testSecurity with data set #176";i:3;}s:5:"times";a:1412:{s:41:"RunAllTest::testSecurity with data set #0";d:0.086;s:41:"RunAllTest::testSecurity with data set #1";d:0.021;s:41:"RunAllTest::testSecurity with data set #2";d:0.015;s:41:"RunAllTest::testSecurity with data set #3";d:0.017;s:41:"RunAllTest::testSecurity with data set #4";d:0.025;s:41:"RunAllTest::testSecurity with data set #5";d:0.019;s:41:"RunAllTest::testSecurity with data set #6";d:0.018;s:41:"RunAllTest::testSecurity with data set #7";d:0.018;s:41:"RunAllTest::testSecurity with data set #8";d:0.02;s:41:"RunAllTest::testSecurity with data set #9";d:0.019;s:42:"RunAllTest::testSecurity with data set #10";d:0.023;s:42:"RunAllTest::testSecurity with data set #11";d:0.042;s:42:"RunAllTest::testSecurity with data set #12";d:0.031;s:42:"RunAllTest::testSecurity with data set #13";d:0.025;s:42:"RunAllTest::testSecurity with data set #14";d:0.033;s:42:"RunAllTest::testSecurity with data set #15";d:0.022;s:42:"RunAllTest::testSecurity with data set #16";d:0.022;s:42:"RunAllTest::testSecurity with data set #17";d:0.024;s:42:"RunAllTest::testSecurity with data set #18";d:0.035;s:42:"RunAllTest::testSecurity with data set #19";d:0.035;s:42:"RunAllTest::testSecurity with data set #20";d:0.034;s:42:"RunAllTest::testSecurity with data set #21";d:0.023;s:42:"RunAllTest::testSecurity with data set #22";d:0.032;s:42:"RunAllTest::testSecurity with data set #23";d:0.027;s:42:"RunAllTest::testSecurity with data set #24";d:0.017;s:42:"RunAllTest::testSecurity with data set #25";d:0.019;s:42:"RunAllTest::testSecurity with data set #26";d:0.022;s:42:"RunAllTest::testSecurity with data set #27";d:0.015;s:42:"RunAllTest::testSecurity with data set #28";d:0.032;s:42:"RunAllTest::testSecurity with data set #29";d:0.017;s:42:"RunAllTest::testSecurity with data set #30";d:0.018;s:42:"RunAllTest::testSecurity with data set #31";d:0.02;s:42:"RunAllTest::testSecurity with data set #32";d:0.101;s:42:"RunAllTest::testSecurity with data set #33";d:0.028;s:42:"RunAllTest::testSecurity with data set #34";d:0.138;s:42:"RunAllTest::testSecurity with data set #35";d:0.015;s:42:"RunAllTest::testSecurity with data set #36";d:0.788;s:42:"RunAllTest::testSecurity with data set #37";d:0.019;s:42:"RunAllTest::testSecurity with data set #38";d:0.02;s:42:"RunAllTest::testSecurity with data set #39";d:0.019;s:42:"RunAllTest::testSecurity with data set #40";d:0.02;s:42:"RunAllTest::testSecurity with data set #41";d:0.024;s:42:"RunAllTest::testSecurity with data set #42";d:0.02;s:42:"RunAllTest::testSecurity with data set #43";d:0.02;s:42:"RunAllTest::testSecurity with data set #44";d:0.02;s:42:"RunAllTest::testSecurity with data set #45";d:0.066;s:42:"RunAllTest::testSecurity with data set #46";d:0.017;s:42:"RunAllTest::testSecurity with data set #47";d:0.016;s:42:"RunAllTest::testSecurity with data set #48";d:0.021;s:42:"RunAllTest::testSecurity with data set #49";d:0.019;s:42:"RunAllTest::testSecurity with data set #50";d:0.019;s:42:"RunAllTest::testSecurity with data set #51";d:0.019;s:42:"RunAllTest::testSecurity with data set #52";d:0.019;s:42:"RunAllTest::testSecurity with data set #53";d:0.026;s:42:"RunAllTest::testSecurity with data set #54";d:0.016;s:42:"RunAllTest::testSecurity with data set #55";d:0.026;s:42:"RunAllTest::testSecurity with data set #56";d:0.044;s:42:"RunAllTest::testSecurity with data set #57";d:0.016;s:42:"RunAllTest::testSecurity with data set #58";d:0.015;s:42:"RunAllTest::testSecurity with data set #59";d:0.014;s:42:"RunAllTest::testSecurity with data set #60";d:0.018;s:42:"RunAllTest::testSecurity with data set #61";d:0.024;s:42:"RunAllTest::testSecurity with data set #62";d:0.025;s:42:"RunAllTest::testSecurity with data set #63";d:0.019;s:42:"RunAllTest::testSecurity with data set #64";d:0.021;s:42:"RunAllTest::testSecurity with data set #65";d:0.033;s:42:"RunAllTest::testSecurity with data set #66";d:0.025;s:42:"RunAllTest::testSecurity with data set #67";d:0.017;s:42:"RunAllTest::testSecurity with data set #68";d:0.024;s:42:"RunAllTest::testSecurity with data set #69";d:0.024;s:42:"RunAllTest::testSecurity with data set #70";d:0.02;s:42:"RunAllTest::testSecurity with data set #71";d:0.021;s:42:"RunAllTest::testSecurity with data set #72";d:0.023;s:42:"RunAllTest::testSecurity with data set #73";d:0.021;s:42:"RunAllTest::testSecurity with data set #74";d:0.018;s:42:"RunAllTest::testSecurity with data set #75";d:0.132;s:42:"RunAllTest::testSecurity with data set #76";d:0.07;s:42:"RunAllTest::testSecurity with data set #77";d:0.038;s:42:"RunAllTest::testSecurity with data set #78";d:0.033;s:42:"RunAllTest::testSecurity with data set #79";d:0.029;s:42:"RunAllTest::testSecurity with data set #80";d:0.035;s:42:"RunAllTest::testSecurity with data set #81";d:0.039;s:42:"RunAllTest::testSecurity with data set #82";d:0.031;s:42:"RunAllTest::testSecurity with data set #83";d:0.031;s:42:"RunAllTest::testSecurity with data set #84";d:0.029;s:42:"RunAllTest::testSecurity with data set #85";d:0.026;s:42:"RunAllTest::testSecurity with data set #86";d:0.028;s:42:"RunAllTest::testSecurity with data set #87";d:0.034;s:42:"RunAllTest::testSecurity with data set #88";d:0.029;s:42:"RunAllTest::testSecurity with data set #89";d:0.031;s:42:"RunAllTest::testSecurity with data set #90";d:0.026;s:42:"RunAllTest::testSecurity with data set #91";d:0.026;s:42:"RunAllTest::testSecurity with data set #92";d:0.021;s:42:"RunAllTest::testSecurity with data set #93";d:0.024;s:42:"RunAllTest::testSecurity with data set #94";d:0.029;s:42:"RunAllTest::testSecurity with data set #95";d:0.023;s:42:"RunAllTest::testSecurity with data set #96";d:0.02;s:42:"RunAllTest::testSecurity with data set #97";d:0.036;s:42:"RunAllTest::testSecurity with data set #98";d:0.021;s:42:"RunAllTest::testSecurity with data set #99";d:0.196;s:43:"RunAllTest::testSecurity with data set #100";d:0.031;s:43:"RunAllTest::testSecurity with data set #101";d:0.032;s:43:"RunAllTest::testSecurity with data set #102";d:0.029;s:43:"RunAllTest::testSecurity with data set #103";d:0.03;s:43:"RunAllTest::testSecurity with data set #104";d:0.027;s:43:"RunAllTest::testSecurity with data set #105";d:0.027;s:43:"RunAllTest::testSecurity with data set #106";d:0.028;s:43:"RunAllTest::testSecurity with data set #107";d:0.025;s:43:"RunAllTest::testSecurity with data set #108";d:0.026;s:43:"RunAllTest::testSecurity with data set #109";d:0.027;s:43:"RunAllTest::testSecurity with data set #110";d:0.028;s:43:"RunAllTest::testSecurity with data set #111";d:0.027;s:43:"RunAllTest::testSecurity with data set #112";d:0.031;s:43:"RunAllTest::testSecurity with data set #113";d:0.031;s:43:"RunAllTest::testSecurity with data set #114";d:0.03;s:43:"RunAllTest::testSecurity with data set #115";d:0.023;s:43:"RunAllTest::testSecurity with data set #116";d:0.031;s:43:"RunAllTest::testSecurity with data set #117";d:0.029;s:43:"RunAllTest::testSecurity with data set #118";d:0.786;s:43:"RunAllTest::testSecurity with data set #119";d:0.031;s:43:"RunAllTest::testSecurity with data set #120";d:0.036;s:43:"RunAllTest::testSecurity with data set #121";d:0.031;s:43:"RunAllTest::testSecurity with data set #122";d:0.033;s:43:"RunAllTest::testSecurity with data set #123";d:0.038;s:43:"RunAllTest::testSecurity with data set #124";d:0.029;s:43:"RunAllTest::testSecurity with data set #125";d:0.027;s:43:"RunAllTest::testSecurity with data set #126";d:0.033;s:43:"RunAllTest::testSecurity with data set #127";d:0.027;s:43:"RunAllTest::testSecurity with data set #128";d:0.03;s:43:"RunAllTest::testSecurity with data set #129";d:0.027;s:43:"RunAllTest::testSecurity with data set #130";d:0.025;s:43:"RunAllTest::testSecurity with data set #131";d:0.029;s:43:"RunAllTest::testSecurity with data set #132";d:0.06;s:43:"RunAllTest::testSecurity with data set #133";d:0.029;s:43:"RunAllTest::testSecurity with data set #134";d:0.104;s:43:"RunAllTest::testSecurity with data set #135";d:0.032;s:43:"RunAllTest::testSecurity with data set #136";d:0.041;s:43:"RunAllTest::testSecurity with data set #137";d:0.029;s:43:"RunAllTest::testSecurity with data set #138";d:0.028;s:43:"RunAllTest::testSecurity with data set #139";d:0.038;s:43:"RunAllTest::testSecurity with data set #140";d:0.049;s:43:"RunAllTest::testSecurity with data set #141";d:0.028;s:43:"RunAllTest::testSecurity with data set #142";d:0.027;s:43:"RunAllTest::testSecurity with data set #143";d:0.026;s:43:"RunAllTest::testSecurity with data set #144";d:0.023;s:43:"RunAllTest::testSecurity with data set #145";d:0.028;s:43:"RunAllTest::testSecurity with data set #146";d:0.024;s:43:"RunAllTest::testSecurity with data set #147";d:0.025;s:43:"RunAllTest::testSecurity with data set #148";d:0.026;s:43:"RunAllTest::testSecurity with data set #149";d:0.035;s:43:"RunAllTest::testSecurity with data set #150";d:0.03;s:43:"RunAllTest::testSecurity with data set #151";d:0.057;s:43:"RunAllTest::testSecurity with data set #152";d:0.035;s:43:"RunAllTest::testSecurity with data set #153";d:0.035;s:43:"RunAllTest::testSecurity with data set #154";d:0.028;s:43:"RunAllTest::testSecurity with data set #155";d:0.021;s:43:"RunAllTest::testSecurity with data set #156";d:0.03;s:43:"RunAllTest::testSecurity with data set #157";d:0.027;s:43:"RunAllTest::testSecurity with data set #158";d:0.018;s:43:"RunAllTest::testSecurity with data set #159";d:0.034;s:43:"RunAllTest::testSecurity with data set #160";d:0.076;s:43:"RunAllTest::testSecurity with data set #161";d:0.033;s:43:"RunAllTest::testSecurity with data set #162";d:0.034;s:43:"RunAllTest::testSecurity with data set #163";d:0.048;s:43:"RunAllTest::testSecurity with data set #164";d:0.049;s:43:"RunAllTest::testSecurity with data set #165";d:0.038;s:43:"RunAllTest::testSecurity with data set #166";d:0.025;s:43:"RunAllTest::testSecurity with data set #167";d:0.026;s:43:"RunAllTest::testSecurity with data set #168";d:0.033;s:43:"RunAllTest::testSecurity with data set #169";d:0.033;s:43:"RunAllTest::testSecurity with data set #170";d:0.023;s:43:"RunAllTest::testSecurity with data set #171";d:0.062;s:43:"RunAllTest::testSecurity with data set #172";d:0.01;s:43:"RunAllTest::testSecurity with data set #173";d:0.025;s:43:"RunAllTest::testSecurity with data set #174";d:0.052;s:43:"RunAllTest::testSecurity with data set #175";d:0.025;s:43:"RunAllTest::testSecurity with data set #176";d:0.032;s:43:"RunAllTest::testSecurity with data set #177";d:0.061;s:43:"RunAllTest::testSecurity with data set #178";d:0.033;s:43:"RunAllTest::testSecurity with data set #179";d:0.033;s:43:"RunAllTest::testSecurity with data set #180";d:0.043;s:43:"RunAllTest::testSecurity with data set #181";d:0.053;s:43:"RunAllTest::testSecurity with data set #182";d:0.04;s:43:"RunAllTest::testSecurity with data set #183";d:0.055;s:43:"RunAllTest::testSecurity with data set #184";d:0.047;s:43:"RunAllTest::testSecurity with data set #185";d:0.043;s:43:"RunAllTest::testSecurity with data set #186";d:0.058;s:43:"RunAllTest::testSecurity with data set #187";d:0.032;s:43:"RunAllTest::testSecurity with data set #188";d:0.094;s:43:"RunAllTest::testSecurity with data set #189";d:0.044;s:43:"RunAllTest::testSecurity with data set #190";d:0.05;s:43:"RunAllTest::testSecurity with data set #191";d:0.053;s:43:"RunAllTest::testSecurity with data set #192";d:0.052;s:43:"RunAllTest::testSecurity with data set #193";d:0.041;s:43:"RunAllTest::testSecurity with data set #194";d:0.103;s:43:"RunAllTest::testSecurity with data set #195";d:0.035;s:43:"RunAllTest::testSecurity with data set #196";d:0.039;s:43:"RunAllTest::testSecurity with data set #197";d:0.037;s:43:"RunAllTest::testSecurity with data set #198";d:0.041;s:43:"RunAllTest::testSecurity with data set #199";d:0.034;s:43:"RunAllTest::testSecurity with data set #200";d:0.042;s:43:"RunAllTest::testSecurity with data set #201";d:0.035;s:43:"RunAllTest::testSecurity with data set #202";d:0.035;s:43:"RunAllTest::testSecurity with data set #203";d:0.027;s:43:"RunAllTest::testSecurity with data set #204";d:0.028;s:43:"RunAllTest::testSecurity with data set #205";d:0.028;s:43:"RunAllTest::testSecurity with data set #206";d:0.039;s:43:"RunAllTest::testSecurity with data set #207";d:0.027;s:43:"RunAllTest::testSecurity with data set #208";d:0.073;s:43:"RunAllTest::testSecurity with data set #209";d:0.043;s:43:"RunAllTest::testSecurity with data set #210";d:0.052;s:43:"RunAllTest::testSecurity with data set #211";d:0.029;s:43:"RunAllTest::testSecurity with data set #212";d:0.036;s:43:"RunAllTest::testSecurity with data set #213";d:0.026;s:43:"RunAllTest::testSecurity with data set #214";d:0.03;s:43:"RunAllTest::testSecurity with data set #215";d:0.03;s:43:"RunAllTest::testSecurity with data set #216";d:0.026;s:43:"RunAllTest::testSecurity with data set #217";d:0.027;s:43:"RunAllTest::testSecurity with data set #218";d:0.028;s:43:"RunAllTest::testSecurity with data set #219";d:0.028;s:43:"RunAllTest::testSecurity with data set #220";d:0.023;s:43:"RunAllTest::testSecurity with data set #221";d:0.029;s:43:"RunAllTest::testSecurity with data set #222";d:0.022;s:43:"RunAllTest::testSecurity with data set #223";d:0.03;s:43:"RunAllTest::testSecurity with data set #224";d:0.039;s:43:"RunAllTest::testSecurity with data set #225";d:0.032;s:43:"RunAllTest::testSecurity with data set #226";d:0.037;s:43:"RunAllTest::testSecurity with data set #227";d:0.07;s:43:"RunAllTest::testSecurity with data set #228";d:0.032;s:43:"RunAllTest::testSecurity with data set #229";d:0.035;s:43:"RunAllTest::testSecurity with data set #230";d:0.032;s:43:"RunAllTest::testSecurity with data set #231";d:0.043;s:43:"RunAllTest::testSecurity with data set #232";d:0.034;s:43:"RunAllTest::testSecurity with data set #233";d:0.032;s:43:"RunAllTest::testSecurity with data set #234";d:0.028;s:43:"RunAllTest::testSecurity with data set #235";d:0.05;s:43:"RunAllTest::testSecurity with data set #236";d:0.046;s:43:"RunAllTest::testSecurity with data set #237";d:0.03;s:43:"RunAllTest::testSecurity with data set #238";d:0.026;s:43:"RunAllTest::testSecurity with data set #239";d:0.03;s:43:"RunAllTest::testSecurity with data set #240";d:0.028;s:43:"RunAllTest::testSecurity with data set #241";d:0.033;s:43:"RunAllTest::testSecurity with data set #242";d:0.029;s:43:"RunAllTest::testSecurity with data set #243";d:0.039;s:43:"RunAllTest::testSecurity with data set #244";d:0.035;s:43:"RunAllTest::testSecurity with data set #245";d:0.067;s:43:"RunAllTest::testSecurity with data set #246";d:0.059;s:43:"RunAllTest::testSecurity with data set #247";d:0.05;s:43:"RunAllTest::testSecurity with data set #248";d:0.042;s:43:"RunAllTest::testSecurity with data set #249";d:0.049;s:43:"RunAllTest::testSecurity with data set #250";d:0.034;s:43:"RunAllTest::testSecurity with data set #251";d:0.038;s:43:"RunAllTest::testSecurity with data set #252";d:0.05;s:43:"RunAllTest::testSecurity with data set #253";d:0.027;s:43:"RunAllTest::testSecurity with data set #254";d:0.032;s:43:"RunAllTest::testSecurity with data set #255";d:0.031;s:43:"RunAllTest::testSecurity with data set #256";d:0.061;s:43:"RunAllTest::testSecurity with data set #257";d:0.034;s:43:"RunAllTest::testSecurity with data set #258";d:0.032;s:43:"RunAllTest::testSecurity with data set #259";d:0.036;s:43:"RunAllTest::testSecurity with data set #260";d:0.035;s:43:"RunAllTest::testSecurity with data set #261";d:0.033;s:43:"RunAllTest::testSecurity with data set #262";d:0.038;s:43:"RunAllTest::testSecurity with data set #263";d:0.037;s:43:"RunAllTest::testSecurity with data set #264";d:0.034;s:43:"RunAllTest::testSecurity with data set #265";d:0.042;s:43:"RunAllTest::testSecurity with data set #266";d:0.044;s:43:"RunAllTest::testSecurity with data set #267";d:0.034;s:43:"RunAllTest::testSecurity with data set #268";d:0.07;s:43:"RunAllTest::testSecurity with data set #269";d:0.039;s:43:"RunAllTest::testSecurity with data set #270";d:0.04;s:43:"RunAllTest::testSecurity with data set #271";d:0.028;s:43:"RunAllTest::testSecurity with data set #272";d:0.024;s:43:"RunAllTest::testSecurity with data set #273";d:0.028;s:43:"RunAllTest::testSecurity with data set #274";d:0.024;s:43:"RunAllTest::testSecurity with data set #275";d:0.034;s:43:"RunAllTest::testSecurity with data set #276";d:0.027;s:43:"RunAllTest::testSecurity with data set #277";d:0.029;s:43:"RunAllTest::testSecurity with data set #278";d:0.029;s:43:"RunAllTest::testSecurity with data set #279";d:0.026;s:43:"RunAllTest::testSecurity with data set #280";d:0.045;s:43:"RunAllTest::testSecurity with data set #281";d:0.033;s:43:"RunAllTest::testSecurity with data set #282";d:0.033;s:43:"RunAllTest::testSecurity with data set #283";d:0.034;s:43:"RunAllTest::testSecurity with data set #284";d:0.034;s:43:"RunAllTest::testSecurity with data set #285";d:0.046;s:43:"RunAllTest::testSecurity with data set #286";d:0.044;s:43:"RunAllTest::testSecurity with data set #287";d:0.037;s:43:"RunAllTest::testSecurity with data set #288";d:0.041;s:43:"RunAllTest::testSecurity with data set #289";d:0.027;s:43:"RunAllTest::testSecurity with data set #290";d:0.066;s:43:"RunAllTest::testSecurity with data set #291";d:0.036;s:43:"RunAllTest::testSecurity with data set #292";d:0.037;s:43:"RunAllTest::testSecurity with data set #293";d:0.04;s:43:"RunAllTest::testSecurity with data set #294";d:0.037;s:43:"RunAllTest::testSecurity with data set #295";d:0.035;s:43:"RunAllTest::testSecurity with data set #296";d:0.031;s:43:"RunAllTest::testSecurity with data set #297";d:0.031;s:43:"RunAllTest::testSecurity with data set #298";d:0.033;s:43:"RunAllTest::testSecurity with data set #299";d:0.04;s:43:"RunAllTest::testSecurity with data set #300";d:0.033;s:43:"RunAllTest::testSecurity with data set #301";d:0.036;s:43:"RunAllTest::testSecurity with data set #302";d:0.058;s:43:"RunAllTest::testSecurity with data set #303";d:0.039;s:43:"RunAllTest::testSecurity with data set #304";d:0.034;s:43:"RunAllTest::testSecurity with data set #305";d:0.043;s:43:"RunAllTest::testSecurity with data set #306";d:0.04;s:43:"RunAllTest::testSecurity with data set #307";d:0.027;s:43:"RunAllTest::testSecurity with data set #308";d:0.026;s:43:"RunAllTest::testSecurity with data set #309";d:0.033;s:43:"RunAllTest::testSecurity with data set #310";d:0.03;s:43:"RunAllTest::testSecurity with data set #311";d:0.054;s:43:"RunAllTest::testSecurity with data set #312";d:0.031;s:43:"RunAllTest::testSecurity with data set #313";d:0.035;s:43:"RunAllTest::testSecurity with data set #314";d:0.034;s:43:"RunAllTest::testSecurity with data set #315";d:0.044;s:43:"RunAllTest::testSecurity with data set #316";d:0.036;s:43:"RunAllTest::testSecurity with data set #317";d:0.037;s:43:"RunAllTest::testSecurity with data set #318";d:0.038;s:43:"RunAllTest::testSecurity with data set #319";d:0.045;s:43:"RunAllTest::testSecurity with data set #320";d:0.041;s:43:"RunAllTest::testSecurity with data set #321";d:0.037;s:43:"RunAllTest::testSecurity with data set #322";d:0.068;s:43:"RunAllTest::testSecurity with data set #323";d:0.053;s:43:"RunAllTest::testSecurity with data set #324";d:0.051;s:43:"RunAllTest::testSecurity with data set #325";d:0.041;s:43:"RunAllTest::testSecurity with data set #326";d:0.033;s:43:"RunAllTest::testSecurity with data set #327";d:0.032;s:43:"RunAllTest::testSecurity with data set #328";d:0.032;s:43:"RunAllTest::testSecurity with data set #329";d:0.032;s:43:"RunAllTest::testSecurity with data set #330";d:0.032;s:43:"RunAllTest::testSecurity with data set #331";d:0.039;s:43:"RunAllTest::testSecurity with data set #332";d:0.044;s:43:"RunAllTest::testSecurity with data set #333";d:0.068;s:43:"RunAllTest::testSecurity with data set #334";d:0.038;s:43:"RunAllTest::testSecurity with data set #335";d:0.053;s:43:"RunAllTest::testSecurity with data set #336";d:0.045;s:43:"RunAllTest::testSecurity with data set #337";d:0.058;s:43:"RunAllTest::testSecurity with data set #338";d:0.073;s:43:"RunAllTest::testSecurity with data set #339";d:0.055;s:43:"RunAllTest::testSecurity with data set #340";d:0.054;s:43:"RunAllTest::testSecurity with data set #341";d:0.055;s:43:"RunAllTest::testSecurity with data set #342";d:0.071;s:43:"RunAllTest::testSecurity with data set #343";d:0.039;s:43:"RunAllTest::testSecurity with data set #344";d:0.034;s:43:"RunAllTest::testSecurity with data set #345";d:0.036;s:43:"RunAllTest::testSecurity with data set #346";d:0.035;s:43:"RunAllTest::testSecurity with data set #347";d:0.033;s:43:"RunAllTest::testSecurity with data set #348";d:0.033;s:43:"RunAllTest::testSecurity with data set #349";d:0.032;s:43:"RunAllTest::testSecurity with data set #350";d:0.039;s:43:"RunAllTest::testSecurity with data set #351";d:0.032;s:43:"RunAllTest::testSecurity with data set #352";d:0.033;s:43:"RunAllTest::testSecurity with data set #353";d:0.067;s:43:"RunAllTest::testSecurity with data set #354";d:0.051;s:43:"RunAllTest::testSecurity with data set #355";d:0.065;s:43:"RunAllTest::testSecurity with data set #356";d:0.066;s:43:"RunAllTest::testSecurity with data set #357";d:0.052;s:43:"RunAllTest::testSecurity with data set #358";d:0.045;s:43:"RunAllTest::testSecurity with data set #359";d:0.064;s:43:"RunAllTest::testSecurity with data set #360";d:0.041;s:43:"RunAllTest::testSecurity with data set #361";d:0.033;s:43:"RunAllTest::testSecurity with data set #362";d:0.034;s:43:"RunAllTest::testSecurity with data set #363";d:0.035;s:43:"RunAllTest::testSecurity with data set #364";d:0.034;s:43:"RunAllTest::testSecurity with data set #365";d:0.035;s:43:"RunAllTest::testSecurity with data set #366";d:0.035;s:43:"RunAllTest::testSecurity with data set #367";d:0.033;s:43:"RunAllTest::testSecurity with data set #368";d:0.05;s:43:"RunAllTest::testSecurity with data set #369";d:0.033;s:43:"RunAllTest::testSecurity with data set #370";d:0.03;s:43:"RunAllTest::testSecurity with data set #371";d:0.04;s:43:"RunAllTest::testSecurity with data set #372";d:0.034;s:43:"RunAllTest::testSecurity with data set #373";d:0.038;s:43:"RunAllTest::testSecurity with data set #374";d:0.036;s:43:"RunAllTest::testSecurity with data set #375";d:0.041;s:43:"RunAllTest::testSecurity with data set #376";d:0.054;s:43:"RunAllTest::testSecurity with data set #377";d:0.04;s:43:"RunAllTest::testSecurity with data set #378";d:0.041;s:43:"RunAllTest::testSecurity with data set #379";d:0.032;s:43:"RunAllTest::testSecurity with data set #380";d:0.03;s:43:"RunAllTest::testSecurity with data set #381";d:0.031;s:43:"RunAllTest::testSecurity with data set #382";d:0.028;s:43:"RunAllTest::testSecurity with data set #383";d:0.052;s:43:"RunAllTest::testSecurity with data set #384";d:0.032;s:43:"RunAllTest::testSecurity with data set #385";d:0.037;s:43:"RunAllTest::testSecurity with data set #386";d:0.042;s:43:"RunAllTest::testSecurity with data set #387";d:0.034;s:43:"RunAllTest::testSecurity with data set #388";d:0.033;s:43:"RunAllTest::testSecurity with data set #389";d:0.042;s:43:"RunAllTest::testSecurity with data set #390";d:0.034;s:43:"RunAllTest::testSecurity with data set #391";d:0.036;s:43:"RunAllTest::testSecurity with data set #392";d:0.059;s:43:"RunAllTest::testSecurity with data set #393";d:0.043;s:43:"RunAllTest::testSecurity with data set #394";d:0.045;s:43:"RunAllTest::testSecurity with data set #395";d:0.043;s:43:"RunAllTest::testSecurity with data set #396";d:0.041;s:43:"RunAllTest::testSecurity with data set #397";d:0.032;s:43:"RunAllTest::testSecurity with data set #398";d:0.032;s:43:"RunAllTest::testSecurity with data set #399";d:0.035;s:43:"RunAllTest::testSecurity with data set #400";d:0.055;s:43:"RunAllTest::testSecurity with data set #401";d:0.033;s:43:"RunAllTest::testSecurity with data set #402";d:0.034;s:43:"RunAllTest::testSecurity with data set #403";d:0.036;s:43:"RunAllTest::testSecurity with data set #404";d:0.033;s:43:"RunAllTest::testSecurity with data set #405";d:0.028;s:43:"RunAllTest::testSecurity with data set #406";d:0.028;s:43:"RunAllTest::testSecurity with data set #407";d:0.038;s:43:"RunAllTest::testSecurity with data set #408";d:0.033;s:43:"RunAllTest::testSecurity with data set #409";d:0.033;s:43:"RunAllTest::testSecurity with data set #410";d:0.057;s:43:"RunAllTest::testSecurity with data set #411";d:0.038;s:43:"RunAllTest::testSecurity with data set #412";d:0.044;s:43:"RunAllTest::testSecurity with data set #413";d:0.036;s:43:"RunAllTest::testSecurity with data set #414";d:0.049;s:43:"RunAllTest::testSecurity with data set #415";d:0.032;s:43:"RunAllTest::testSecurity with data set #416";d:0.029;s:43:"RunAllTest::testSecurity with data set #417";d:0.03;s:43:"RunAllTest::testSecurity with data set #418";d:0.031;s:43:"RunAllTest::testSecurity with data set #419";d:0.061;s:43:"RunAllTest::testSecurity with data set #420";d:0.033;s:43:"RunAllTest::testSecurity with data set #421";d:0.033;s:43:"RunAllTest::testSecurity with data set #422";d:0.038;s:43:"RunAllTest::testSecurity with data set #423";d:0.037;s:43:"RunAllTest::testSecurity with data set #424";d:0.037;s:43:"RunAllTest::testSecurity with data set #425";d:0.041;s:43:"RunAllTest::testSecurity with data set #426";d:0.045;s:43:"RunAllTest::testSecurity with data set #427";d:0.04;s:43:"RunAllTest::testSecurity with data set #428";d:0.062;s:43:"RunAllTest::testSecurity with data set #429";d:0.054;s:43:"RunAllTest::testSecurity with data set #430";d:0.042;s:43:"RunAllTest::testSecurity with data set #431";d:0.042;s:43:"RunAllTest::testSecurity with data set #432";d:0.043;s:43:"RunAllTest::testSecurity with data set #433";d:0.03;s:43:"RunAllTest::testSecurity with data set #434";d:0.028;s:43:"RunAllTest::testSecurity with data set #435";d:0.049;s:43:"RunAllTest::testSecurity with data set #436";d:0.035;s:43:"RunAllTest::testSecurity with data set #437";d:0.046;s:43:"RunAllTest::testSecurity with data set #438";d:0.049;s:43:"RunAllTest::testSecurity with data set #439";d:0.042;s:43:"RunAllTest::testSecurity with data set #440";d:0.033;s:43:"RunAllTest::testSecurity with data set #441";d:0.031;s:43:"RunAllTest::testSecurity with data set #442";d:0.031;s:43:"RunAllTest::testSecurity with data set #443";d:0.039;s:43:"RunAllTest::testSecurity with data set #444";d:0.054;s:43:"RunAllTest::testSecurity with data set #445";d:0.035;s:43:"RunAllTest::testSecurity with data set #446";d:0.038;s:43:"RunAllTest::testSecurity with data set #447";d:0.038;s:43:"RunAllTest::testSecurity with data set #448";d:0.041;s:43:"RunAllTest::testSecurity with data set #449";d:0.038;s:43:"RunAllTest::testSecurity with data set #450";d:0.048;s:43:"RunAllTest::testSecurity with data set #451";d:0.056;s:43:"RunAllTest::testSecurity with data set #452";d:0.121;s:43:"RunAllTest::testSecurity with data set #453";d:0.06;s:43:"RunAllTest::testSecurity with data set #454";d:0.055;s:43:"RunAllTest::testSecurity with data set #455";d:0.053;s:43:"RunAllTest::testSecurity with data set #456";d:0.045;s:43:"RunAllTest::testSecurity with data set #457";d:0.059;s:43:"RunAllTest::testSecurity with data set #458";d:0.053;s:43:"RunAllTest::testSecurity with data set #459";d:0.052;s:43:"RunAllTest::testSecurity with data set #460";d:0.045;s:43:"RunAllTest::testSecurity with data set #461";d:0.052;s:43:"RunAllTest::testSecurity with data set #462";d:0.066;s:43:"RunAllTest::testSecurity with data set #463";d:0.053;s:43:"RunAllTest::testSecurity with data set #464";d:0.049;s:43:"RunAllTest::testSecurity with data set #465";d:0.057;s:43:"RunAllTest::testSecurity with data set #466";d:0.053;s:43:"RunAllTest::testSecurity with data set #467";d:0.073;s:43:"RunAllTest::testSecurity with data set #468";d:0.057;s:43:"RunAllTest::testSecurity with data set #469";d:0.043;s:43:"RunAllTest::testSecurity with data set #470";d:0.045;s:43:"RunAllTest::testSecurity with data set #471";d:0.042;s:43:"RunAllTest::testSecurity with data set #472";d:0.039;s:43:"RunAllTest::testSecurity with data set #473";d:0.064;s:43:"RunAllTest::testSecurity with data set #474";d:0.046;s:43:"RunAllTest::testSecurity with data set #475";d:0.048;s:43:"RunAllTest::testSecurity with data set #476";d:0.055;s:43:"RunAllTest::testSecurity with data set #477";d:0.03;s:43:"RunAllTest::testSecurity with data set #478";d:0.03;s:43:"RunAllTest::testSecurity with data set #479";d:0.042;s:43:"RunAllTest::testSecurity with data set #480";d:0.032;s:43:"RunAllTest::testSecurity with data set #481";d:0.037;s:43:"RunAllTest::testSecurity with data set #482";d:0.055;s:43:"RunAllTest::testSecurity with data set #483";d:0.043;s:43:"RunAllTest::testSecurity with data set #484";d:0.041;s:43:"RunAllTest::testSecurity with data set #485";d:0.039;s:43:"RunAllTest::testSecurity with data set #486";d:0.053;s:43:"RunAllTest::testSecurity with data set #487";d:0.031;s:43:"RunAllTest::testSecurity with data set #488";d:0.032;s:43:"RunAllTest::testSecurity with data set #489";d:0.029;s:43:"RunAllTest::testSecurity with data set #490";d:0.031;s:43:"RunAllTest::testSecurity with data set #491";d:0.032;s:43:"RunAllTest::testSecurity with data set #492";d:0.03;s:43:"RunAllTest::testSecurity with data set #493";d:0.056;s:43:"RunAllTest::testSecurity with data set #494";d:0.038;s:43:"RunAllTest::testSecurity with data set #495";d:0.034;s:43:"RunAllTest::testSecurity with data set #496";d:0.035;s:43:"RunAllTest::testSecurity with data set #497";d:0.041;s:43:"RunAllTest::testSecurity with data set #498";d:0.035;s:43:"RunAllTest::testSecurity with data set #499";d:0.039;s:43:"RunAllTest::testSecurity with data set #500";d:0.038;s:43:"RunAllTest::testSecurity with data set #501";d:0.044;s:43:"RunAllTest::testSecurity with data set #502";d:0.044;s:43:"RunAllTest::testSecurity with data set #503";d:0.039;s:43:"RunAllTest::testSecurity with data set #504";d:0.064;s:43:"RunAllTest::testSecurity with data set #505";d:0.03;s:43:"RunAllTest::testSecurity with data set #506";d:0.035;s:43:"RunAllTest::testSecurity with data set #507";d:0.033;s:43:"RunAllTest::testSecurity with data set #508";d:0.032;s:43:"RunAllTest::testSecurity with data set #509";d:0.038;s:43:"RunAllTest::testSecurity with data set #510";d:0.035;s:43:"RunAllTest::testSecurity with data set #511";d:0.033;s:43:"RunAllTest::testSecurity with data set #512";d:0.033;s:43:"RunAllTest::testSecurity with data set #513";d:0.038;s:43:"RunAllTest::testSecurity with data set #514";d:0.033;s:43:"RunAllTest::testSecurity with data set #515";d:0.056;s:43:"RunAllTest::testSecurity with data set #516";d:0.04;s:43:"RunAllTest::testSecurity with data set #517";d:0.046;s:43:"RunAllTest::testSecurity with data set #518";d:0.041;s:43:"RunAllTest::testSecurity with data set #519";d:0.04;s:43:"RunAllTest::testSecurity with data set #520";d:0.04;s:43:"RunAllTest::testSecurity with data set #521";d:0.031;s:43:"RunAllTest::testSecurity with data set #522";d:0.029;s:43:"RunAllTest::testSecurity with data set #523";d:0.033;s:43:"RunAllTest::testSecurity with data set #524";d:0.029;s:43:"RunAllTest::testSecurity with data set #525";d:0.062;s:43:"RunAllTest::testSecurity with data set #526";d:0.034;s:43:"RunAllTest::testSecurity with data set #527";d:0.039;s:43:"RunAllTest::testSecurity with data set #528";d:0.043;s:43:"RunAllTest::testSecurity with data set #529";d:0.031;s:43:"RunAllTest::testSecurity with data set #530";d:0.039;s:43:"RunAllTest::testSecurity with data set #531";d:0.035;s:43:"RunAllTest::testSecurity with data set #532";d:0.036;s:43:"RunAllTest::testSecurity with data set #533";d:0.029;s:43:"RunAllTest::testSecurity with data set #534";d:0.026;s:43:"RunAllTest::testSecurity with data set #535";d:0.028;s:43:"RunAllTest::testSecurity with data set #536";d:0.03;s:43:"RunAllTest::testSecurity with data set #537";d:0.026;s:43:"RunAllTest::testSecurity with data set #538";d:0.027;s:43:"RunAllTest::testSecurity with data set #539";d:0.029;s:43:"RunAllTest::testSecurity with data set #540";d:0.031;s:43:"RunAllTest::testSecurity with data set #541";d:0.055;s:43:"RunAllTest::testSecurity with data set #542";d:0.038;s:43:"RunAllTest::testSecurity with data set #543";d:0.034;s:43:"RunAllTest::testSecurity with data set #544";d:0.039;s:43:"RunAllTest::testSecurity with data set #545";d:0.034;s:43:"RunAllTest::testSecurity with data set #546";d:0.034;s:43:"RunAllTest::testSecurity with data set #547";d:0.031;s:43:"RunAllTest::testSecurity with data set #548";d:0.033;s:43:"RunAllTest::testSecurity with data set #549";d:0.035;s:43:"RunAllTest::testSecurity with data set #550";d:0.034;s:43:"RunAllTest::testSecurity with data set #551";d:0.031;s:43:"RunAllTest::testSecurity with data set #552";d:0.032;s:43:"RunAllTest::testSecurity with data set #553";d:0.065;s:43:"RunAllTest::testSecurity with data set #554";d:0.041;s:43:"RunAllTest::testSecurity with data set #555";d:0.029;s:43:"RunAllTest::testSecurity with data set #556";d:0.04;s:43:"RunAllTest::testSecurity with data set #557";d:0.036;s:43:"RunAllTest::testSecurity with data set #558";d:0.029;s:43:"RunAllTest::testSecurity with data set #559";d:0.031;s:43:"RunAllTest::testSecurity with data set #560";d:0.03;s:43:"RunAllTest::testSecurity with data set #561";d:0.029;s:43:"RunAllTest::testSecurity with data set #562";d:0.026;s:43:"RunAllTest::testSecurity with data set #563";d:0.028;s:43:"RunAllTest::testSecurity with data set #564";d:0.031;s:43:"RunAllTest::testSecurity with data set #565";d:0.03;s:43:"RunAllTest::testSecurity with data set #566";d:0.026;s:43:"RunAllTest::testSecurity with data set #567";d:0.025;s:43:"RunAllTest::testSecurity with data set #568";d:0.058;s:43:"RunAllTest::testSecurity with data set #569";d:0.034;s:43:"RunAllTest::testSecurity with data set #570";d:0.034;s:43:"RunAllTest::testSecurity with data set #571";d:0.031;s:43:"RunAllTest::testSecurity with data set #572";d:0.029;s:43:"RunAllTest::testSecurity with data set #573";d:0.033;s:43:"RunAllTest::testSecurity with data set #574";d:0.032;s:43:"RunAllTest::testSecurity with data set #575";d:0.037;s:43:"RunAllTest::testSecurity with data set #576";d:0.039;s:43:"RunAllTest::testSecurity with data set #577";d:0.04;s:43:"RunAllTest::testSecurity with data set #578";d:0.034;s:43:"RunAllTest::testSecurity with data set #579";d:0.036;s:43:"RunAllTest::testSecurity with data set #580";d:0.031;s:43:"RunAllTest::testSecurity with data set #581";d:0.026;s:43:"RunAllTest::testSecurity with data set #582";d:0.056;s:43:"RunAllTest::testSecurity with data set #583";d:0.03;s:43:"RunAllTest::testSecurity with data set #584";d:0.035;s:43:"RunAllTest::testSecurity with data set #585";d:0.041;s:43:"RunAllTest::testSecurity with data set #586";d:0.034;s:43:"RunAllTest::testSecurity with data set #587";d:0.035;s:43:"RunAllTest::testSecurity with data set #588";d:0.034;s:43:"RunAllTest::testSecurity with data set #589";d:0.034;s:43:"RunAllTest::testSecurity with data set #590";d:0.031;s:43:"RunAllTest::testSecurity with data set #591";d:0.037;s:43:"RunAllTest::testSecurity with data set #592";d:0.043;s:43:"RunAllTest::testSecurity with data set #593";d:0.033;s:43:"RunAllTest::testSecurity with data set #594";d:0.062;s:43:"RunAllTest::testSecurity with data set #595";d:0.037;s:43:"RunAllTest::testSecurity with data set #596";d:0.037;s:43:"RunAllTest::testSecurity with data set #597";d:0.035;s:43:"RunAllTest::testSecurity with data set #598";d:0.033;s:43:"RunAllTest::testSecurity with data set #599";d:0.043;s:43:"RunAllTest::testSecurity with data set #600";d:0.039;s:43:"RunAllTest::testSecurity with data set #601";d:0.03;s:43:"RunAllTest::testSecurity with data set #602";d:0.032;s:43:"RunAllTest::testSecurity with data set #603";d:0.052;s:43:"RunAllTest::testSecurity with data set #604";d:0.04;s:43:"RunAllTest::testSecurity with data set #605";d:0.037;s:43:"RunAllTest::testSecurity with data set #606";d:0.033;s:43:"RunAllTest::testSecurity with data set #607";d:0.034;s:43:"RunAllTest::testSecurity with data set #608";d:0.032;s:43:"RunAllTest::testSecurity with data set #609";d:0.037;s:43:"RunAllTest::testSecurity with data set #610";d:0.036;s:43:"RunAllTest::testSecurity with data set #611";d:0.033;s:43:"RunAllTest::testSecurity with data set #612";d:0.042;s:43:"RunAllTest::testSecurity with data set #613";d:0.035;s:43:"RunAllTest::testSecurity with data set #614";d:0.062;s:43:"RunAllTest::testSecurity with data set #615";d:0.039;s:43:"RunAllTest::testSecurity with data set #616";d:0.034;s:43:"RunAllTest::testSecurity with data set #617";d:0.037;s:43:"RunAllTest::testSecurity with data set #618";d:0.034;s:43:"RunAllTest::testSecurity with data set #619";d:0.041;s:43:"RunAllTest::testSecurity with data set #620";d:0.035;s:43:"RunAllTest::testSecurity with data set #621";d:0.041;s:43:"RunAllTest::testSecurity with data set #622";d:0.039;s:43:"RunAllTest::testSecurity with data set #623";d:0.056;s:43:"RunAllTest::testSecurity with data set #624";d:0.046;s:43:"RunAllTest::testSecurity with data set #625";d:0.051;s:43:"RunAllTest::testSecurity with data set #626";d:0.028;s:43:"RunAllTest::testSecurity with data set #627";d:0.029;s:43:"RunAllTest::testSecurity with data set #628";d:0.03;s:43:"RunAllTest::testSecurity with data set #629";d:0.037;s:43:"RunAllTest::testSecurity with data set #630";d:0.03;s:43:"RunAllTest::testSecurity with data set #631";d:0.028;s:43:"RunAllTest::testSecurity with data set #632";d:0.029;s:43:"RunAllTest::testSecurity with data set #633";d:0.026;s:43:"RunAllTest::testSecurity with data set #634";d:0.03;s:43:"RunAllTest::testSecurity with data set #635";d:0.061;s:43:"RunAllTest::testSecurity with data set #636";d:0.031;s:43:"RunAllTest::testSecurity with data set #637";d:0.033;s:43:"RunAllTest::testSecurity with data set #638";d:0.038;s:43:"RunAllTest::testSecurity with data set #639";d:0.041;s:43:"RunAllTest::testSecurity with data set #640";d:0.035;s:43:"RunAllTest::testSecurity with data set #641";d:0.028;s:43:"RunAllTest::testSecurity with data set #642";d:0.027;s:43:"RunAllTest::testSecurity with data set #643";d:0.021;s:43:"RunAllTest::testSecurity with data set #644";d:0.027;s:43:"RunAllTest::testSecurity with data set #645";d:0.022;s:43:"RunAllTest::testSecurity with data set #646";d:0.025;s:43:"RunAllTest::testSecurity with data set #647";d:0.019;s:43:"RunAllTest::testSecurity with data set #648";d:0.022;s:43:"RunAllTest::testSecurity with data set #649";d:0.024;s:43:"RunAllTest::testSecurity with data set #650";d:0.024;s:43:"RunAllTest::testSecurity with data set #651";d:0.026;s:43:"RunAllTest::testSecurity with data set #652";d:0.022;s:43:"RunAllTest::testSecurity with data set #653";d:0.022;s:43:"RunAllTest::testSecurity with data set #654";d:0.057;s:43:"RunAllTest::testSecurity with data set #655";d:0.023;s:43:"RunAllTest::testSecurity with data set #656";d:0.029;s:43:"RunAllTest::testSecurity with data set #657";d:0.029;s:43:"RunAllTest::testSecurity with data set #658";d:0.031;s:43:"RunAllTest::testSecurity with data set #659";d:0.028;s:43:"RunAllTest::testSecurity with data set #660";d:0.027;s:43:"RunAllTest::testSecurity with data set #661";d:0.027;s:43:"RunAllTest::testSecurity with data set #662";d:0.024;s:43:"RunAllTest::testSecurity with data set #663";d:0.028;s:43:"RunAllTest::testSecurity with data set #664";d:0.028;s:43:"RunAllTest::testSecurity with data set #665";d:0.026;s:43:"RunAllTest::testSecurity with data set #666";d:0.021;s:43:"RunAllTest::testSecurity with data set #667";d:0.024;s:43:"RunAllTest::testSecurity with data set #668";d:0.022;s:43:"RunAllTest::testSecurity with data set #669";d:0.025;s:43:"RunAllTest::testSecurity with data set #670";d:0.023;s:43:"RunAllTest::testSecurity with data set #671";d:0.031;s:43:"RunAllTest::testSecurity with data set #672";d:0.023;s:43:"RunAllTest::testSecurity with data set #673";d:0.023;s:43:"RunAllTest::testSecurity with data set #674";d:0.022;s:43:"RunAllTest::testSecurity with data set #675";d:0.031;s:43:"RunAllTest::testSecurity with data set #676";d:0.022;s:43:"RunAllTest::testSecurity with data set #677";d:0.06;s:43:"RunAllTest::testSecurity with data set #678";d:0.03;s:43:"RunAllTest::testSecurity with data set #679";d:0.03;s:43:"RunAllTest::testSecurity with data set #680";d:0.029;s:43:"RunAllTest::testSecurity with data set #681";d:0.028;s:43:"RunAllTest::testSecurity with data set #682";d:0.028;s:43:"RunAllTest::testSecurity with data set #683";d:0.03;s:43:"RunAllTest::testSecurity with data set #684";d:0.029;s:43:"RunAllTest::testSecurity with data set #685";d:0.028;s:43:"RunAllTest::testSecurity with data set #686";d:0.026;s:43:"RunAllTest::testSecurity with data set #687";d:0.025;s:43:"RunAllTest::testSecurity with data set #688";d:0.029;s:43:"RunAllTest::testSecurity with data set #689";d:0.023;s:43:"RunAllTest::testSecurity with data set #690";d:0.028;s:43:"RunAllTest::testSecurity with data set #691";d:0.027;s:43:"RunAllTest::testSecurity with data set #692";d:0.024;s:43:"RunAllTest::testSecurity with data set #693";d:0.025;s:43:"RunAllTest::testSecurity with data set #694";d:0.023;s:43:"RunAllTest::testSecurity with data set #695";d:0.028;s:43:"RunAllTest::testSecurity with data set #696";d:0.028;s:43:"RunAllTest::testSecurity with data set #697";d:0.025;s:43:"RunAllTest::testSecurity with data set #698";d:0.066;s:43:"RunAllTest::testSecurity with data set #699";d:0.029;s:43:"RunAllTest::testSecurity with data set #700";d:0.032;s:43:"RunAllTest::testSecurity with data set #701";d:0.035;s:43:"RunAllTest::testSecurity with data set #702";d:0.036;s:43:"RunAllTest::testSecurity with data set #703";d:0.038;s:43:"RunAllTest::testSecurity with data set #704";d:0.033;s:43:"RunAllTest::testSecurity with data set #705";d:0.033;s:43:"RunAllTest::testSecurity with data set #706";d:0.037;s:43:"RunAllTest::testSecurity with data set #707";d:0.041;s:43:"RunAllTest::testSecurity with data set #708";d:0.034;s:43:"RunAllTest::testSecurity with data set #709";d:0.037;s:43:"RunAllTest::testSecurity with data set #710";d:0.039;s:43:"RunAllTest::testSecurity with data set #711";d:0.031;s:43:"RunAllTest::testSecurity with data set #712";d:0.031;s:43:"RunAllTest::testSecurity with data set #713";d:0.068;s:43:"RunAllTest::testSecurity with data set #714";d:0.035;s:43:"RunAllTest::testSecurity with data set #715";d:0.038;s:43:"RunAllTest::testSecurity with data set #716";d:0.035;s:43:"RunAllTest::testSecurity with data set #717";d:0.035;s:43:"RunAllTest::testSecurity with data set #718";d:0.04;s:43:"RunAllTest::testSecurity with data set #719";d:0.037;s:43:"RunAllTest::testSecurity with data set #720";d:0.037;s:43:"RunAllTest::testSecurity with data set #721";d:0.034;s:43:"RunAllTest::testSecurity with data set #722";d:0.033;s:43:"RunAllTest::testSecurity with data set #723";d:0.032;s:43:"RunAllTest::testSecurity with data set #724";d:0.064;s:43:"RunAllTest::testSecurity with data set #725";d:0.042;s:43:"RunAllTest::testSecurity with data set #726";d:0.037;s:43:"RunAllTest::testSecurity with data set #727";d:0.035;s:43:"RunAllTest::testSecurity with data set #728";d:0.036;s:43:"RunAllTest::testSecurity with data set #729";d:0.033;s:43:"RunAllTest::testSecurity with data set #730";d:0.05;s:43:"RunAllTest::testSecurity with data set #731";d:0.049;s:43:"RunAllTest::testSecurity with data set #732";d:0.039;s:43:"RunAllTest::testSecurity with data set #733";d:0.032;s:43:"RunAllTest::testSecurity with data set #734";d:0.031;s:43:"RunAllTest::testSecurity with data set #735";d:0.031;s:43:"RunAllTest::testSecurity with data set #736";d:0.029;s:43:"RunAllTest::testSecurity with data set #737";d:0.094;s:43:"RunAllTest::testSecurity with data set #738";d:0.034;s:43:"RunAllTest::testSecurity with data set #739";d:0.04;s:43:"RunAllTest::testSecurity with data set #740";d:0.033;s:43:"RunAllTest::testSecurity with data set #741";d:0.034;s:43:"RunAllTest::testSecurity with data set #742";d:0.033;s:43:"RunAllTest::testSecurity with data set #743";d:0.03;s:43:"RunAllTest::testSecurity with data set #744";d:0.03;s:43:"RunAllTest::testSecurity with data set #745";d:0.031;s:43:"RunAllTest::testSecurity with data set #746";d:0.028;s:43:"RunAllTest::testSecurity with data set #747";d:0.029;s:43:"RunAllTest::testSecurity with data set #748";d:0.026;s:43:"RunAllTest::testSecurity with data set #749";d:0.027;s:43:"RunAllTest::testSecurity with data set #750";d:0.029;s:43:"RunAllTest::testSecurity with data set #751";d:0.027;s:43:"RunAllTest::testSecurity with data set #752";d:0.027;s:43:"RunAllTest::testSecurity with data set #753";d:0.057;s:43:"RunAllTest::testSecurity with data set #754";d:0.031;s:43:"RunAllTest::testSecurity with data set #755";d:0.034;s:43:"RunAllTest::testSecurity with data set #756";d:0.035;s:43:"RunAllTest::testSecurity with data set #757";d:0.053;s:43:"RunAllTest::testSecurity with data set #758";d:0.031;s:43:"RunAllTest::testSecurity with data set #759";d:0.032;s:43:"RunAllTest::testSecurity with data set #760";d:0.036;s:43:"RunAllTest::testSecurity with data set #761";d:0.032;s:43:"RunAllTest::testSecurity with data set #762";d:0.032;s:43:"RunAllTest::testSecurity with data set #763";d:0.031;s:43:"RunAllTest::testSecurity with data set #764";d:0.031;s:43:"RunAllTest::testSecurity with data set #765";d:0.054;s:43:"RunAllTest::testSecurity with data set #766";d:0.032;s:43:"RunAllTest::testSecurity with data set #767";d:0.032;s:43:"RunAllTest::testSecurity with data set #768";d:0.035;s:43:"RunAllTest::testSecurity with data set #769";d:0.035;s:43:"RunAllTest::testSecurity with data set #770";d:0.033;s:43:"RunAllTest::testSecurity with data set #771";d:0.028;s:43:"RunAllTest::testSecurity with data set #772";d:0.024;s:43:"RunAllTest::testSecurity with data set #773";d:0.028;s:43:"RunAllTest::testSecurity with data set #774";d:0.031;s:43:"RunAllTest::testSecurity with data set #775";d:0.032;s:43:"RunAllTest::testSecurity with data set #776";d:0.026;s:43:"RunAllTest::testSecurity with data set #777";d:0.026;s:43:"RunAllTest::testSecurity with data set #778";d:0.025;s:43:"RunAllTest::testSecurity with data set #779";d:0.025;s:43:"RunAllTest::testSecurity with data set #780";d:0.055;s:43:"RunAllTest::testSecurity with data set #781";d:0.032;s:43:"RunAllTest::testSecurity with data set #782";d:0.033;s:43:"RunAllTest::testSecurity with data set #783";d:0.032;s:43:"RunAllTest::testSecurity with data set #784";d:0.034;s:43:"RunAllTest::testSecurity with data set #785";d:0.038;s:43:"RunAllTest::testSecurity with data set #786";d:0.044;s:43:"RunAllTest::testSecurity with data set #787";d:0.045;s:43:"RunAllTest::testSecurity with data set #788";d:0.038;s:43:"RunAllTest::testSecurity with data set #789";d:0.04;s:43:"RunAllTest::testSecurity with data set #790";d:0.042;s:43:"RunAllTest::testSecurity with data set #791";d:0.06;s:43:"RunAllTest::testSecurity with data set #792";d:0.038;s:43:"RunAllTest::testSecurity with data set #793";d:0.062;s:43:"RunAllTest::testSecurity with data set #794";d:0.036;s:43:"RunAllTest::testSecurity with data set #795";d:0.039;s:43:"RunAllTest::testSecurity with data set #796";d:0.043;s:43:"RunAllTest::testSecurity with data set #797";d:0.02;s:43:"RunAllTest::testSecurity with data set #798";d:0.038;s:43:"RunAllTest::testSecurity with data set #799";d:0.026;s:43:"RunAllTest::testSecurity with data set #800";d:0.024;s:43:"RunAllTest::testSecurity with data set #801";d:0.027;s:43:"RunAllTest::testSecurity with data set #802";d:0.022;s:43:"RunAllTest::testSecurity with data set #803";d:0.025;s:43:"RunAllTest::testSecurity with data set #804";d:0.02;s:43:"RunAllTest::testSecurity with data set #805";d:0.063;s:43:"RunAllTest::testSecurity with data set #806";d:0.027;s:43:"RunAllTest::testSecurity with data set #807";d:0.027;s:43:"RunAllTest::testSecurity with data set #808";d:0.03;s:43:"RunAllTest::testSecurity with data set #809";d:0.031;s:43:"RunAllTest::testSecurity with data set #810";d:0.03;s:43:"RunAllTest::testSecurity with data set #811";d:0.027;s:43:"RunAllTest::testSecurity with data set #812";d:0.027;s:43:"RunAllTest::testSecurity with data set #813";d:0.028;s:43:"RunAllTest::testSecurity with data set #814";d:0.026;s:43:"RunAllTest::testSecurity with data set #815";d:0.024;s:43:"RunAllTest::testSecurity with data set #816";d:0.028;s:43:"RunAllTest::testSecurity with data set #817";d:0.031;s:43:"RunAllTest::testSecurity with data set #818";d:0.025;s:43:"RunAllTest::testSecurity with data set #819";d:0.025;s:43:"RunAllTest::testSecurity with data set #820";d:0.036;s:43:"RunAllTest::testSecurity with data set #821";d:0.025;s:43:"RunAllTest::testSecurity with data set #822";d:0.022;s:43:"RunAllTest::testSecurity with data set #823";d:0.024;s:43:"RunAllTest::testSecurity with data set #824";d:0.028;s:43:"RunAllTest::testSecurity with data set #825";d:0.022;s:43:"RunAllTest::testSecurity with data set #826";d:0.065;s:43:"RunAllTest::testSecurity with data set #827";d:0.039;s:43:"RunAllTest::testSecurity with data set #828";d:0.027;s:43:"RunAllTest::testSecurity with data set #829";d:0.032;s:43:"RunAllTest::testSecurity with data set #830";d:0.034;s:43:"RunAllTest::testSecurity with data set #831";d:0.029;s:43:"RunAllTest::testSecurity with data set #832";d:0.034;s:43:"RunAllTest::testSecurity with data set #833";d:0.038;s:43:"RunAllTest::testSecurity with data set #834";d:0.038;s:43:"RunAllTest::testSecurity with data set #835";d:0.043;s:43:"RunAllTest::testSecurity with data set #836";d:0.037;s:43:"RunAllTest::testSecurity with data set #837";d:0.046;s:43:"RunAllTest::testSecurity with data set #838";d:0.037;s:43:"RunAllTest::testSecurity with data set #839";d:0.03;s:43:"RunAllTest::testSecurity with data set #840";d:0.033;s:43:"RunAllTest::testSecurity with data set #841";d:0.063;s:43:"RunAllTest::testSecurity with data set #842";d:0.031;s:43:"RunAllTest::testSecurity with data set #843";d:0.033;s:43:"RunAllTest::testSecurity with data set #844";d:0.031;s:43:"RunAllTest::testSecurity with data set #845";d:0.033;s:43:"RunAllTest::testSecurity with data set #846";d:0.032;s:43:"RunAllTest::testSecurity with data set #847";d:0.04;s:43:"RunAllTest::testSecurity with data set #848";d:0.052;s:43:"RunAllTest::testSecurity with data set #849";d:0.034;s:43:"RunAllTest::testSecurity with data set #850";d:0.041;s:43:"RunAllTest::testSecurity with data set #851";d:0.034;s:43:"RunAllTest::testSecurity with data set #852";d:0.054;s:43:"RunAllTest::testSecurity with data set #853";d:0.033;s:43:"RunAllTest::testSecurity with data set #854";d:0.035;s:43:"RunAllTest::testSecurity with data set #855";d:0.032;s:43:"RunAllTest::testSecurity with data set #856";d:0.031;s:43:"RunAllTest::testSecurity with data set #857";d:0.029;s:43:"RunAllTest::testSecurity with data set #858";d:0.025;s:43:"RunAllTest::testSecurity with data set #859";d:0.025;s:43:"RunAllTest::testSecurity with data set #860";d:0.025;s:43:"RunAllTest::testSecurity with data set #861";d:0.036;s:43:"RunAllTest::testSecurity with data set #862";d:0.032;s:43:"RunAllTest::testSecurity with data set #863";d:0.038;s:43:"RunAllTest::testSecurity with data set #864";d:0.031;s:43:"RunAllTest::testSecurity with data set #865";d:0.035;s:43:"RunAllTest::testSecurity with data set #866";d:0.032;s:43:"RunAllTest::testSecurity with data set #867";d:0.06;s:43:"RunAllTest::testSecurity with data set #868";d:0.038;s:43:"RunAllTest::testSecurity with data set #869";d:0.035;s:43:"RunAllTest::testSecurity with data set #870";d:0.036;s:43:"RunAllTest::testSecurity with data set #871";d:0.035;s:43:"RunAllTest::testSecurity with data set #872";d:0.034;s:43:"RunAllTest::testSecurity with data set #873";d:0.033;s:43:"RunAllTest::testSecurity with data set #874";d:0.035;s:43:"RunAllTest::testSecurity with data set #875";d:0.033;s:43:"RunAllTest::testSecurity with data set #876";d:0.043;s:43:"RunAllTest::testSecurity with data set #877";d:0.037;s:43:"RunAllTest::testSecurity with data set #878";d:0.036;s:43:"RunAllTest::testSecurity with data set #879";d:0.062;s:43:"RunAllTest::testSecurity with data set #880";d:0.034;s:43:"RunAllTest::testSecurity with data set #881";d:0.041;s:43:"RunAllTest::testSecurity with data set #882";d:0.036;s:43:"RunAllTest::testSecurity with data set #883";d:0.034;s:43:"RunAllTest::testSecurity with data set #884";d:0.035;s:43:"RunAllTest::testSecurity with data set #885";d:0.038;s:43:"RunAllTest::testSecurity with data set #886";d:0.042;s:43:"RunAllTest::testSecurity with data set #887";d:0.036;s:43:"RunAllTest::testSecurity with data set #888";d:0.036;s:43:"RunAllTest::testSecurity with data set #889";d:0.035;s:43:"RunAllTest::testSecurity with data set #890";d:0.056;s:43:"RunAllTest::testSecurity with data set #891";d:0.036;s:43:"RunAllTest::testSecurity with data set #892";d:0.037;s:43:"RunAllTest::testSecurity with data set #893";d:0.042;s:43:"RunAllTest::testSecurity with data set #894";d:0.035;s:43:"RunAllTest::testSecurity with data set #895";d:0.035;s:43:"RunAllTest::testSecurity with data set #896";d:0.035;s:43:"RunAllTest::testSecurity with data set #897";d:0.034;s:43:"RunAllTest::testSecurity with data set #898";d:0.035;s:43:"RunAllTest::testSecurity with data set #899";d:0.04;s:43:"RunAllTest::testSecurity with data set #900";d:0.035;s:43:"RunAllTest::testSecurity with data set #901";d:0.069;s:43:"RunAllTest::testSecurity with data set #902";d:0.039;s:43:"RunAllTest::testSecurity with data set #903";d:0.042;s:43:"RunAllTest::testSecurity with data set #904";d:0.037;s:43:"RunAllTest::testSecurity with data set #905";d:0.035;s:43:"RunAllTest::testSecurity with data set #906";d:0.042;s:43:"RunAllTest::testSecurity with data set #907";d:0.036;s:43:"RunAllTest::testSecurity with data set #908";d:0.036;s:43:"RunAllTest::testSecurity with data set #909";d:0.065;s:43:"RunAllTest::testSecurity with data set #910";d:0.034;s:43:"RunAllTest::testSecurity with data set #911";d:0.034;s:43:"RunAllTest::testSecurity with data set #912";d:0.061;s:43:"RunAllTest::testSecurity with data set #913";d:0.041;s:43:"RunAllTest::testSecurity with data set #914";d:0.042;s:43:"RunAllTest::testSecurity with data set #915";d:0.043;s:43:"RunAllTest::testSecurity with data set #916";d:0.045;s:43:"RunAllTest::testSecurity with data set #917";d:0.035;s:43:"RunAllTest::testSecurity with data set #918";d:0.036;s:43:"RunAllTest::testSecurity with data set #919";d:0.036;s:43:"RunAllTest::testSecurity with data set #920";d:0.038;s:43:"RunAllTest::testSecurity with data set #921";d:0.036;s:43:"RunAllTest::testSecurity with data set #922";d:0.063;s:43:"RunAllTest::testSecurity with data set #923";d:0.041;s:43:"RunAllTest::testSecurity with data set #924";d:0.047;s:43:"RunAllTest::testSecurity with data set #925";d:0.049;s:43:"RunAllTest::testSecurity with data set #926";d:0.041;s:43:"RunAllTest::testSecurity with data set #927";d:0.039;s:43:"RunAllTest::testSecurity with data set #928";d:0.046;s:43:"RunAllTest::testSecurity with data set #929";d:0.035;s:43:"RunAllTest::testSecurity with data set #930";d:0.059;s:43:"RunAllTest::testSecurity with data set #931";d:0.042;s:43:"RunAllTest::testSecurity with data set #932";d:0.039;s:43:"RunAllTest::testSecurity with data set #933";d:0.047;s:43:"RunAllTest::testSecurity with data set #934";d:0.04;s:43:"RunAllTest::testSecurity with data set #935";d:0.046;s:43:"RunAllTest::testSecurity with data set #936";d:0.048;s:43:"RunAllTest::testSecurity with data set #937";d:0.056;s:43:"RunAllTest::testSecurity with data set #938";d:0.039;s:43:"RunAllTest::testSecurity with data set #939";d:0.045;s:43:"RunAllTest::testSecurity with data set #940";d:0.039;s:43:"RunAllTest::testSecurity with data set #941";d:0.042;s:43:"RunAllTest::testSecurity with data set #942";d:0.037;s:43:"RunAllTest::testSecurity with data set #943";d:0.037;s:43:"RunAllTest::testSecurity with data set #944";d:0.041;s:43:"RunAllTest::testSecurity with data set #945";d:0.061;s:43:"RunAllTest::testSecurity with data set #946";d:0.044;s:43:"RunAllTest::testSecurity with data set #947";d:0.061;s:43:"RunAllTest::testSecurity with data set #948";d:0.042;s:43:"RunAllTest::testSecurity with data set #949";d:0.044;s:43:"RunAllTest::testSecurity with data set #950";d:0.04;s:43:"RunAllTest::testSecurity with data set #951";d:0.041;s:43:"RunAllTest::testSecurity with data set #952";d:0.038;s:43:"RunAllTest::testSecurity with data set #953";d:0.059;s:43:"RunAllTest::testSecurity with data set #954";d:0.043;s:43:"RunAllTest::testSecurity with data set #955";d:0.042;s:43:"RunAllTest::testSecurity with data set #956";d:0.037;s:43:"RunAllTest::testSecurity with data set #957";d:0.036;s:43:"RunAllTest::testSecurity with data set #958";d:0.04;s:43:"RunAllTest::testSecurity with data set #959";d:0.035;s:43:"RunAllTest::testSecurity with data set #960";d:0.035;s:43:"RunAllTest::testSecurity with data set #961";d:0.042;s:43:"RunAllTest::testSecurity with data set #962";d:0.059;s:43:"RunAllTest::testSecurity with data set #963";d:0.038;s:43:"RunAllTest::testSecurity with data set #964";d:0.042;s:43:"RunAllTest::testSecurity with data set #965";d:0.041;s:43:"RunAllTest::testSecurity with data set #966";d:0.045;s:43:"RunAllTest::testSecurity with data set #967";d:0.042;s:43:"RunAllTest::testSecurity with data set #968";d:0.046;s:43:"RunAllTest::testSecurity with data set #969";d:0.043;s:43:"RunAllTest::testSecurity with data set #970";d:0.05;s:43:"RunAllTest::testSecurity with data set #971";d:0.07;s:43:"RunAllTest::testSecurity with data set #972";d:0.052;s:43:"RunAllTest::testSecurity with data set #973";d:0.041;s:43:"RunAllTest::testSecurity with data set #974";d:0.039;s:43:"RunAllTest::testSecurity with data set #975";d:0.043;s:43:"RunAllTest::testSecurity with data set #976";d:0.043;s:43:"RunAllTest::testSecurity with data set #977";d:0.04;s:43:"RunAllTest::testSecurity with data set #978";d:0.035;s:43:"RunAllTest::testSecurity with data set #979";d:0.035;s:43:"RunAllTest::testSecurity with data set #980";d:0.06;s:43:"RunAllTest::testSecurity with data set #981";d:0.037;s:43:"RunAllTest::testSecurity with data set #982";d:0.05;s:43:"RunAllTest::testSecurity with data set #983";d:0.049;s:43:"RunAllTest::testSecurity with data set #984";d:0.048;s:43:"RunAllTest::testSecurity with data set #985";d:0.047;s:43:"RunAllTest::testSecurity with data set #986";d:0.045;s:43:"RunAllTest::testSecurity with data set #987";d:0.068;s:43:"RunAllTest::testSecurity with data set #988";d:0.05;s:43:"RunAllTest::testSecurity with data set #989";d:0.051;s:43:"RunAllTest::testSecurity with data set #990";d:0.049;s:43:"RunAllTest::testSecurity with data set #991";d:0.065;s:43:"RunAllTest::testSecurity with data set #992";d:0.053;s:43:"RunAllTest::testSecurity with data set #993";d:0.048;s:43:"RunAllTest::testSecurity with data set #994";d:0.037;s:43:"RunAllTest::testSecurity with data set #995";d:0.037;s:43:"RunAllTest::testSecurity with data set #996";d:0.04;s:43:"RunAllTest::testSecurity with data set #997";d:0.044;s:43:"RunAllTest::testSecurity with data set #998";d:0.034;s:43:"RunAllTest::testSecurity with data set #999";d:0.042;s:44:"RunAllTest::testSecurity with data set #1000";d:0.034;s:44:"RunAllTest::testSecurity with data set #1001";d:0.034;s:44:"RunAllTest::testSecurity with data set #1002";d:0.036;s:44:"RunAllTest::testSecurity with data set #1003";d:0.032;s:44:"RunAllTest::testSecurity with data set #1004";d:0.059;s:44:"RunAllTest::testSecurity with data set #1005";d:0.042;s:44:"RunAllTest::testSecurity with data set #1006";d:0.037;s:44:"RunAllTest::testSecurity with data set #1007";d:0.042;s:44:"RunAllTest::testSecurity with data set #1008";d:0.038;s:44:"RunAllTest::testSecurity with data set #1009";d:0.036;s:44:"RunAllTest::testSecurity with data set #1010";d:0.037;s:44:"RunAllTest::testSecurity with data set #1011";d:0.035;s:44:"RunAllTest::testSecurity with data set #1012";d:0.037;s:44:"RunAllTest::testSecurity with data set #1013";d:0.037;s:44:"RunAllTest::testSecurity with data set #1014";d:0.03;s:44:"RunAllTest::testSecurity with data set #1015";d:0.063;s:44:"RunAllTest::testSecurity with data set #1016";d:0.036;s:44:"RunAllTest::testSecurity with data set #1017";d:0.038;s:44:"RunAllTest::testSecurity with data set #1018";d:0.042;s:44:"RunAllTest::testSecurity with data set #1019";d:0.037;s:44:"RunAllTest::testSecurity with data set #1020";d:0.039;s:44:"RunAllTest::testSecurity with data set #1021";d:0.038;s:44:"RunAllTest::testSecurity with data set #1022";d:0.035;s:44:"RunAllTest::testSecurity with data set #1023";d:0.034;s:44:"RunAllTest::testSecurity with data set #1024";d:0.033;s:44:"RunAllTest::testSecurity with data set #1025";d:0.034;s:44:"RunAllTest::testSecurity with data set #1026";d:0.058;s:44:"RunAllTest::testSecurity with data set #1027";d:0.036;s:44:"RunAllTest::testSecurity with data set #1028";d:0.041;s:44:"RunAllTest::testSecurity with data set #1029";d:0.034;s:44:"RunAllTest::testSecurity with data set #1030";d:0.034;s:44:"RunAllTest::testSecurity with data set #1031";d:0.043;s:44:"RunAllTest::testSecurity with data set #1032";d:0.038;s:44:"RunAllTest::testSecurity with data set #1033";d:0.035;s:44:"RunAllTest::testSecurity with data set #1034";d:0.034;s:44:"RunAllTest::testSecurity with data set #1035";d:0.041;s:44:"RunAllTest::testSecurity with data set #1036";d:0.055;s:44:"RunAllTest::testSecurity with data set #1037";d:0.049;s:44:"RunAllTest::testSecurity with data set #1038";d:0.044;s:44:"RunAllTest::testSecurity with data set #1039";d:0.043;s:44:"RunAllTest::testSecurity with data set #1040";d:0.054;s:44:"RunAllTest::testSecurity with data set #1041";d:0.038;s:44:"RunAllTest::testSecurity with data set #1042";d:0.033;s:44:"RunAllTest::testSecurity with data set #1043";d:0.036;s:44:"RunAllTest::testSecurity with data set #1044";d:0.042;s:44:"RunAllTest::testSecurity with data set #1045";d:0.057;s:44:"RunAllTest::testSecurity with data set #1046";d:0.034;s:44:"RunAllTest::testSecurity with data set #1047";d:0.042;s:44:"RunAllTest::testSecurity with data set #1048";d:0.037;s:44:"RunAllTest::testSecurity with data set #1049";d:0.035;s:44:"RunAllTest::testSecurity with data set #1050";d:0.036;s:44:"RunAllTest::testSecurity with data set #1051";d:0.03;s:44:"RunAllTest::testSecurity with data set #1052";d:0.029;s:44:"RunAllTest::testSecurity with data set #1053";d:0.028;s:44:"RunAllTest::testSecurity with data set #1054";d:0.03;s:44:"RunAllTest::testSecurity with data set #1055";d:0.03;s:44:"RunAllTest::testSecurity with data set #1056";d:0.029;s:44:"RunAllTest::testSecurity with data set #1057";d:0.029;s:44:"RunAllTest::testSecurity with data set #1058";d:0.027;s:44:"RunAllTest::testSecurity with data set #1059";d:0.055;s:44:"RunAllTest::testSecurity with data set #1060";d:0.032;s:44:"RunAllTest::testSecurity with data set #1061";d:0.035;s:44:"RunAllTest::testSecurity with data set #1062";d:0.034;s:44:"RunAllTest::testSecurity with data set #1063";d:0.033;s:44:"RunAllTest::testSecurity with data set #1064";d:0.031;s:44:"RunAllTest::testSecurity with data set #1065";d:0.03;s:44:"RunAllTest::testSecurity with data set #1066";d:0.03;s:44:"RunAllTest::testSecurity with data set #1067";d:0.029;s:44:"RunAllTest::testSecurity with data set #1068";d:0.029;s:44:"RunAllTest::testSecurity with data set #1069";d:0.037;s:44:"RunAllTest::testSecurity with data set #1070";d:0.029;s:44:"RunAllTest::testSecurity with data set #1071";d:0.028;s:44:"RunAllTest::testSecurity with data set #1072";d:0.029;s:44:"RunAllTest::testSecurity with data set #1073";d:0.026;s:44:"RunAllTest::testSecurity with data set #1074";d:0.026;s:44:"RunAllTest::testSecurity with data set #1075";d:0.06;s:44:"RunAllTest::testSecurity with data set #1076";d:0.03;s:44:"RunAllTest::testSecurity with data set #1077";d:0.031;s:44:"RunAllTest::testSecurity with data set #1078";d:0.034;s:44:"RunAllTest::testSecurity with data set #1079";d:0.032;s:44:"RunAllTest::testSecurity with data set #1080";d:0.032;s:44:"RunAllTest::testSecurity with data set #1081";d:0.038;s:44:"RunAllTest::testSecurity with data set #1082";d:0.029;s:44:"RunAllTest::testSecurity with data set #1083";d:0.032;s:44:"RunAllTest::testSecurity with data set #1084";d:0.032;s:44:"RunAllTest::testSecurity with data set #1085";d:0.028;s:44:"RunAllTest::testSecurity with data set #1086";d:0.03;s:44:"RunAllTest::testSecurity with data set #1087";d:0.03;s:44:"RunAllTest::testSecurity with data set #1088";d:0.03;s:44:"RunAllTest::testSecurity with data set #1089";d:0.028;s:44:"RunAllTest::testSecurity with data set #1090";d:0.029;s:44:"RunAllTest::testSecurity with data set #1091";d:0.061;s:44:"RunAllTest::testSecurity with data set #1092";d:0.031;s:44:"RunAllTest::testSecurity with data set #1093";d:0.032;s:44:"RunAllTest::testSecurity with data set #1094";d:0.032;s:44:"RunAllTest::testSecurity with data set #1095";d:0.03;s:44:"RunAllTest::testSecurity with data set #1096";d:0.031;s:44:"RunAllTest::testSecurity with data set #1097";d:0.034;s:44:"RunAllTest::testSecurity with data set #1098";d:0.032;s:44:"RunAllTest::testSecurity with data set #1099";d:0.037;s:44:"RunAllTest::testSecurity with data set #1100";d:0.03;s:44:"RunAllTest::testSecurity with data set #1101";d:0.027;s:44:"RunAllTest::testSecurity with data set #1102";d:0.03;s:44:"RunAllTest::testSecurity with data set #1103";d:0.032;s:44:"RunAllTest::testSecurity with data set #1104";d:0.029;s:44:"RunAllTest::testSecurity with data set #1105";d:0.028;s:44:"RunAllTest::testSecurity with data set #1106";d:0.061;s:44:"RunAllTest::testSecurity with data set #1107";d:0.032;s:44:"RunAllTest::testSecurity with data set #1108";d:0.034;s:44:"RunAllTest::testSecurity with data set #1109";d:0.034;s:44:"RunAllTest::testSecurity with data set #1110";d:0.034;s:44:"RunAllTest::testSecurity with data set #1111";d:0.034;s:44:"RunAllTest::testSecurity with data set #1112";d:0.037;s:44:"RunAllTest::testSecurity with data set #1113";d:0.034;s:44:"RunAllTest::testSecurity with data set #1114";d:0.03;s:44:"RunAllTest::testSecurity with data set #1115";d:0.032;s:44:"RunAllTest::testSecurity with data set #1116";d:0.034;s:44:"RunAllTest::testSecurity with data set #1117";d:0.033;s:44:"RunAllTest::testSecurity with data set #1118";d:0.032;s:44:"RunAllTest::testSecurity with data set #1119";d:0.065;s:44:"RunAllTest::testSecurity with data set #1120";d:0.036;s:44:"RunAllTest::testSecurity with data set #1121";d:0.041;s:44:"RunAllTest::testSecurity with data set #1122";d:0.036;s:44:"RunAllTest::testSecurity with data set #1123";d:0.036;s:44:"RunAllTest::testSecurity with data set #1124";d:0.037;s:44:"RunAllTest::testSecurity with data set #1125";d:0.035;s:44:"RunAllTest::testSecurity with data set #1126";d:0.033;s:44:"RunAllTest::testSecurity with data set #1127";d:0.042;s:44:"RunAllTest::testSecurity with data set #1128";d:0.036;s:44:"RunAllTest::testSecurity with data set #1129";d:0.062;s:44:"RunAllTest::testSecurity with data set #1130";d:0.037;s:44:"RunAllTest::testSecurity with data set #1131";d:0.038;s:44:"RunAllTest::testSecurity with data set #1132";d:0.038;s:44:"RunAllTest::testSecurity with data set #1133";d:0.04;s:44:"RunAllTest::testSecurity with data set #1134";d:0.031;s:44:"RunAllTest::testSecurity with data set #1135";d:0.032;s:44:"RunAllTest::testSecurity with data set #1136";d:0.035;s:44:"RunAllTest::testSecurity with data set #1137";d:0.036;s:44:"RunAllTest::testSecurity with data set #1138";d:0.031;s:44:"RunAllTest::testSecurity with data set #1139";d:0.053;s:44:"RunAllTest::testSecurity with data set #1140";d:0.033;s:44:"RunAllTest::testSecurity with data set #1141";d:0.04;s:44:"RunAllTest::testSecurity with data set #1142";d:0.04;s:44:"RunAllTest::testSecurity with data set #1143";d:0.035;s:44:"RunAllTest::testSecurity with data set #1144";d:0.033;s:44:"RunAllTest::testSecurity with data set #1145";d:0.032;s:44:"RunAllTest::testSecurity with data set #1146";d:0.031;s:44:"RunAllTest::testSecurity with data set #1147";d:0.029;s:44:"RunAllTest::testSecurity with data set #1148";d:0.032;s:44:"RunAllTest::testSecurity with data set #1149";d:0.03;s:44:"RunAllTest::testSecurity with data set #1150";d:0.029;s:44:"RunAllTest::testSecurity with data set #1151";d:0.057;s:44:"RunAllTest::testSecurity with data set #1152";d:0.034;s:44:"RunAllTest::testSecurity with data set #1153";d:0.042;s:44:"RunAllTest::testSecurity with data set #1154";d:0.046;s:44:"RunAllTest::testSecurity with data set #1155";d:0.033;s:44:"RunAllTest::testSecurity with data set #1156";d:0.035;s:44:"RunAllTest::testSecurity with data set #1157";d:0.037;s:44:"RunAllTest::testSecurity with data set #1158";d:0.036;s:44:"RunAllTest::testSecurity with data set #1159";d:0.034;s:44:"RunAllTest::testSecurity with data set #1160";d:0.032;s:44:"RunAllTest::testSecurity with data set #1161";d:0.033;s:44:"RunAllTest::testSecurity with data set #1162";d:0.057;s:44:"RunAllTest::testSecurity with data set #1163";d:0.035;s:44:"RunAllTest::testSecurity with data set #1164";d:0.038;s:44:"RunAllTest::testSecurity with data set #1165";d:0.037;s:44:"RunAllTest::testSecurity with data set #1166";d:0.035;s:44:"RunAllTest::testSecurity with data set #1167";d:0.036;s:44:"RunAllTest::testSecurity with data set #1168";d:0.038;s:44:"RunAllTest::testSecurity with data set #1169";d:0.043;s:44:"RunAllTest::testSecurity with data set #1170";d:0.042;s:44:"RunAllTest::testSecurity with data set #1171";d:0.044;s:44:"RunAllTest::testSecurity with data set #1172";d:0.061;s:44:"RunAllTest::testSecurity with data set #1173";d:0.041;s:44:"RunAllTest::testSecurity with data set #1174";d:0.047;s:44:"RunAllTest::testSecurity with data set #1175";d:0.043;s:44:"RunAllTest::testSecurity with data set #1176";d:0.041;s:44:"RunAllTest::testSecurity with data set #1177";d:0.043;s:44:"RunAllTest::testSecurity with data set #1178";d:0.036;s:44:"RunAllTest::testSecurity with data set #1179";d:0.037;s:44:"RunAllTest::testSecurity with data set #1180";d:0.031;s:44:"RunAllTest::testSecurity with data set #1181";d:0.03;s:44:"RunAllTest::testSecurity with data set #1182";d:0.057;s:44:"RunAllTest::testSecurity with data set #1183";d:0.032;s:44:"RunAllTest::testSecurity with data set #1184";d:0.038;s:44:"RunAllTest::testSecurity with data set #1185";d:0.037;s:44:"RunAllTest::testSecurity with data set #1186";d:0.033;s:44:"RunAllTest::testSecurity with data set #1187";d:0.037;s:44:"RunAllTest::testSecurity with data set #1188";d:0.03;s:44:"RunAllTest::testSecurity with data set #1189";d:0.029;s:44:"RunAllTest::testSecurity with data set #1190";d:0.032;s:44:"RunAllTest::testSecurity with data set #1191";d:0.034;s:44:"RunAllTest::testSecurity with data set #1192";d:0.029;s:44:"RunAllTest::testSecurity with data set #1193";d:0.029;s:44:"RunAllTest::testSecurity with data set #1194";d:0.029;s:44:"RunAllTest::testSecurity with data set #1195";d:0.027;s:44:"RunAllTest::testSecurity with data set #1196";d:0.046;s:44:"RunAllTest::testSecurity with data set #1197";d:0.035;s:44:"RunAllTest::testSecurity with data set #1198";d:0.063;s:44:"RunAllTest::testSecurity with data set #1199";d:0.03;s:44:"RunAllTest::testSecurity with data set #1200";d:0.032;s:44:"RunAllTest::testSecurity with data set #1201";d:0.033;s:44:"RunAllTest::testSecurity with data set #1202";d:0.033;s:44:"RunAllTest::testSecurity with data set #1203";d:0.033;s:44:"RunAllTest::testSecurity with data set #1204";d:0.029;s:44:"RunAllTest::testSecurity with data set #1205";d:0.03;s:44:"RunAllTest::testSecurity with data set #1206";d:0.031;s:44:"RunAllTest::testSecurity with data set #1207";d:0.037;s:44:"RunAllTest::testSecurity with data set #1208";d:0.03;s:44:"RunAllTest::testSecurity with data set #1209";d:0.03;s:44:"RunAllTest::testSecurity with data set #1210";d:0.031;s:44:"RunAllTest::testSecurity with data set #1211";d:0.029;s:44:"RunAllTest::testSecurity with data set #1212";d:0.025;s:44:"RunAllTest::testSecurity with data set #1213";d:0.026;s:44:"RunAllTest::testSecurity with data set #1214";d:0.028;s:44:"RunAllTest::testSecurity with data set #1215";d:0.059;s:44:"RunAllTest::testSecurity with data set #1216";d:0.03;s:44:"RunAllTest::testSecurity with data set #1217";d:0.031;s:44:"RunAllTest::testSecurity with data set #1218";d:0.03;s:44:"RunAllTest::testSecurity with data set #1219";d:0.03;s:44:"RunAllTest::testSecurity with data set #1220";d:0.039;s:44:"RunAllTest::testSecurity with data set #1221";d:0.036;s:44:"RunAllTest::testSecurity with data set #1222";d:0.035;s:44:"RunAllTest::testSecurity with data set #1223";d:0.038;s:44:"RunAllTest::testSecurity with data set #1224";d:0.038;s:44:"RunAllTest::testSecurity with data set #1225";d:0.033;s:44:"RunAllTest::testSecurity with data set #1226";d:0.034;s:44:"RunAllTest::testSecurity with data set #1227";d:0.033;s:44:"RunAllTest::testSecurity with data set #1228";d:0.062;s:44:"RunAllTest::testSecurity with data set #1229";d:0.04;s:44:"RunAllTest::testSecurity with data set #1230";d:0.037;s:44:"RunAllTest::testSecurity with data set #1231";d:0.038;s:44:"RunAllTest::testSecurity with data set #1232";d:0.036;s:44:"RunAllTest::testSecurity with data set #1233";d:0.036;s:44:"RunAllTest::testSecurity with data set #1234";d:0.035;s:44:"RunAllTest::testSecurity with data set #1235";d:0.04;s:44:"RunAllTest::testSecurity with data set #1236";d:0.032;s:44:"RunAllTest::testSecurity with data set #1237";d:0.034;s:44:"RunAllTest::testSecurity with data set #1238";d:0.063;s:44:"RunAllTest::testSecurity with data set #1239";d:0.035;s:44:"RunAllTest::testSecurity with data set #1240";d:0.038;s:44:"RunAllTest::testSecurity with data set #1241";d:0.034;s:44:"RunAllTest::testSecurity with data set #1242";d:0.033;s:44:"RunAllTest::testSecurity with data set #1243";d:0.032;s:44:"RunAllTest::testSecurity with data set #1244";d:0.033;s:44:"RunAllTest::testSecurity with data set #1245";d:0.033;s:44:"RunAllTest::testSecurity with data set #1246";d:0.041;s:44:"RunAllTest::testSecurity with data set #1247";d:0.032;s:44:"RunAllTest::testSecurity with data set #1248";d:0.032;s:44:"RunAllTest::testSecurity with data set #1249";d:0.029;s:44:"RunAllTest::testSecurity with data set #1250";d:0.054;s:44:"RunAllTest::testSecurity with data set #1251";d:0.038;s:44:"RunAllTest::testSecurity with data set #1252";d:0.045;s:44:"RunAllTest::testSecurity with data set #1253";d:0.037;s:44:"RunAllTest::testSecurity with data set #1254";d:0.043;s:44:"RunAllTest::testSecurity with data set #1255";d:0.034;s:44:"RunAllTest::testSecurity with data set #1256";d:0.036;s:44:"RunAllTest::testSecurity with data set #1257";d:0.037;s:44:"RunAllTest::testSecurity with data set #1258";d:0.037;s:44:"RunAllTest::testSecurity with data set #1259";d:0.033;s:44:"RunAllTest::testSecurity with data set #1260";d:0.031;s:44:"RunAllTest::testSecurity with data set #1261";d:0.031;s:44:"RunAllTest::testSecurity with data set #1262";d:0.066;s:44:"RunAllTest::testSecurity with data set #1263";d:0.037;s:44:"RunAllTest::testSecurity with data set #1264";d:0.035;s:44:"RunAllTest::testSecurity with data set #1265";d:0.032;s:44:"RunAllTest::testSecurity with data set #1266";d:0.033;s:44:"RunAllTest::testSecurity with data set #1267";d:0.045;s:44:"RunAllTest::testSecurity with data set #1268";d:0.043;s:44:"RunAllTest::testSecurity with data set #1269";d:0.041;s:44:"RunAllTest::testSecurity with data set #1270";d:0.041;s:44:"RunAllTest::testSecurity with data set #1271";d:0.041;s:44:"RunAllTest::testSecurity with data set #1272";d:0.061;s:44:"RunAllTest::testSecurity with data set #1273";d:0.04;s:44:"RunAllTest::testSecurity with data set #1274";d:0.032;s:44:"RunAllTest::testSecurity with data set #1275";d:0.033;s:44:"RunAllTest::testSecurity with data set #1276";d:0.032;s:44:"RunAllTest::testSecurity with data set #1277";d:0.03;s:44:"RunAllTest::testSecurity with data set #1278";d:0.033;s:44:"RunAllTest::testSecurity with data set #1279";d:0.028;s:44:"RunAllTest::testSecurity with data set #1280";d:0.031;s:44:"RunAllTest::testSecurity with data set #1281";d:0.033;s:44:"RunAllTest::testSecurity with data set #1282";d:0.029;s:44:"RunAllTest::testSecurity with data set #1283";d:0.029;s:44:"RunAllTest::testSecurity with data set #1284";d:0.028;s:44:"RunAllTest::testSecurity with data set #1285";d:0.027;s:44:"RunAllTest::testSecurity with data set #1286";d:0.03;s:44:"RunAllTest::testSecurity with data set #1287";d:0.06;s:44:"RunAllTest::testSecurity with data set #1288";d:0.041;s:44:"RunAllTest::testSecurity with data set #1289";d:0.036;s:44:"RunAllTest::testSecurity with data set #1290";d:0.033;s:44:"RunAllTest::testSecurity with data set #1291";d:0.035;s:44:"RunAllTest::testSecurity with data set #1292";d:0.032;s:44:"RunAllTest::testSecurity with data set #1293";d:0.034;s:44:"RunAllTest::testSecurity with data set #1294";d:0.032;s:44:"RunAllTest::testSecurity with data set #1295";d:0.03;s:44:"RunAllTest::testSecurity with data set #1296";d:0.034;s:44:"RunAllTest::testSecurity with data set #1297";d:0.029;s:44:"RunAllTest::testSecurity with data set #1298";d:0.026;s:44:"RunAllTest::testSecurity with data set #1299";d:0.028;s:44:"RunAllTest::testSecurity with data set #1300";d:0.032;s:44:"RunAllTest::testSecurity with data set #1301";d:0.029;s:44:"RunAllTest::testSecurity with data set #1302";d:0.026;s:44:"RunAllTest::testSecurity with data set #1303";d:0.06;s:44:"RunAllTest::testSecurity with data set #1304";d:0.031;s:44:"RunAllTest::testSecurity with data set #1305";d:0.032;s:44:"RunAllTest::testSecurity with data set #1306";d:0.034;s:44:"RunAllTest::testSecurity with data set #1307";d:0.032;s:44:"RunAllTest::testSecurity with data set #1308";d:0.037;s:44:"RunAllTest::testSecurity with data set #1309";d:0.03;s:44:"RunAllTest::testSecurity with data set #1310";d:0.03;s:44:"RunAllTest::testSecurity with data set #1311";d:0.03;s:44:"RunAllTest::testSecurity with data set #1312";d:0.031;s:44:"RunAllTest::testSecurity with data set #1313";d:0.029;s:44:"RunAllTest::testSecurity with data set #1314";d:0.029;s:44:"RunAllTest::testSecurity with data set #1315";d:0.026;s:44:"RunAllTest::testSecurity with data set #1316";d:0.027;s:44:"RunAllTest::testSecurity with data set #1317";d:0.029;s:44:"RunAllTest::testSecurity with data set #1318";d:0.03;s:44:"RunAllTest::testSecurity with data set #1319";d:0.069;s:44:"RunAllTest::testSecurity with data set #1320";d:0.03;s:44:"RunAllTest::testSecurity with data set #1321";d:0.034;s:44:"RunAllTest::testSecurity with data set #1322";d:0.034;s:44:"RunAllTest::testSecurity with data set #1323";d:0.035;s:44:"RunAllTest::testSecurity with data set #1324";d:0.034;s:44:"RunAllTest::testSecurity with data set #1325";d:0.031;s:44:"RunAllTest::testSecurity with data set #1326";d:0.036;s:44:"RunAllTest::testSecurity with data set #1327";d:0.035;s:44:"RunAllTest::testSecurity with data set #1328";d:0.032;s:44:"RunAllTest::testSecurity with data set #1329";d:0.032;s:44:"RunAllTest::testSecurity with data set #1330";d:0.029;s:44:"RunAllTest::testSecurity with data set #1331";d:0.027;s:44:"RunAllTest::testSecurity with data set #1332";d:0.03;s:44:"RunAllTest::testSecurity with data set #1333";d:0.064;s:44:"RunAllTest::testSecurity with data set #1334";d:0.033;s:44:"RunAllTest::testSecurity with data set #1335";d:0.033;s:44:"RunAllTest::testSecurity with data set #1336";d:0.032;s:44:"RunAllTest::testSecurity with data set #1337";d:0.035;s:44:"RunAllTest::testSecurity with data set #1338";d:0.035;s:44:"RunAllTest::testSecurity with data set #1339";d:0.036;s:44:"RunAllTest::testSecurity with data set #1340";d:0.035;s:44:"RunAllTest::testSecurity with data set #1341";d:0.041;s:44:"RunAllTest::testSecurity with data set #1342";d:0.034;s:44:"RunAllTest::testSecurity with data set #1343";d:0.033;s:44:"RunAllTest::testSecurity with data set #1344";d:0.034;s:44:"RunAllTest::testSecurity with data set #1345";d:0.061;s:44:"RunAllTest::testSecurity with data set #1346";d:0.049;s:44:"RunAllTest::testSecurity with data set #1347";d:0.036;s:44:"RunAllTest::testSecurity with data set #1348";d:0.037;s:44:"RunAllTest::testSecurity with data set #1349";d:0.034;s:44:"RunAllTest::testSecurity with data set #1350";d:0.035;s:44:"RunAllTest::testSecurity with data set #1351";d:0.04;s:44:"RunAllTest::testSecurity with data set #1352";d:0.037;s:44:"RunAllTest::testSecurity with data set #1353";d:0.033;s:44:"RunAllTest::testSecurity with data set #1354";d:0.029;s:44:"RunAllTest::testSecurity with data set #1355";d:0.057;s:44:"RunAllTest::testSecurity with data set #1356";d:0.035;s:44:"RunAllTest::testSecurity with data set #1357";d:0.031;s:44:"RunAllTest::testSecurity with data set #1358";d:0.038;s:44:"RunAllTest::testSecurity with data set #1359";d:0.035;s:44:"RunAllTest::testSecurity with data set #1360";d:0.037;s:44:"RunAllTest::testSecurity with data set #1361";d:0.04;s:44:"RunAllTest::testSecurity with data set #1362";d:0.035;s:44:"RunAllTest::testSecurity with data set #1363";d:0.034;s:44:"RunAllTest::testSecurity with data set #1364";d:0.039;s:44:"RunAllTest::testSecurity with data set #1365";d:0.058;s:44:"RunAllTest::testSecurity with data set #1366";d:0.038;s:44:"RunAllTest::testSecurity with data set #1367";d:0.039;s:44:"RunAllTest::testSecurity with data set #1368";d:0.036;s:44:"RunAllTest::testSecurity with data set #1369";d:0.036;s:44:"RunAllTest::testSecurity with data set #1370";d:0.041;s:44:"RunAllTest::testSecurity with data set #1371";d:0.044;s:44:"RunAllTest::testSecurity with data set #1372";d:0.052;s:44:"RunAllTest::testSecurity with data set #1373";d:0.04;s:44:"RunAllTest::testSecurity with data set #1374";d:0.073;s:44:"RunAllTest::testSecurity with data set #1375";d:0.049;s:44:"RunAllTest::testSecurity with data set #1376";d:0.034;s:44:"RunAllTest::testSecurity with data set #1377";d:0.034;s:44:"RunAllTest::testSecurity with data set #1378";d:0.032;s:44:"RunAllTest::testSecurity with data set #1379";d:0.03;s:44:"RunAllTest::testSecurity with data set #1380";d:0.034;s:44:"RunAllTest::testSecurity with data set #1381";d:0.035;s:44:"RunAllTest::testSecurity with data set #1382";d:0.032;s:44:"RunAllTest::testSecurity with data set #1383";d:0.031;s:44:"RunAllTest::testSecurity with data set #1384";d:0.033;s:44:"RunAllTest::testSecurity with data set #1385";d:0.03;s:44:"RunAllTest::testSecurity with data set #1386";d:0.029;s:44:"RunAllTest::testSecurity with data set #1387";d:0.06;s:44:"RunAllTest::testSecurity with data set #1388";d:0.025;s:44:"RunAllTest::testSecurity with data set #1389";d:0.038;s:44:"RunAllTest::testSecurity with data set #1390";d:0.07;s:44:"RunAllTest::testSecurity with data set #1391";d:0.026;s:44:"RunAllTest::testSecurity with data set #1392";d:0.024;s:44:"RunAllTest::testSecurity with data set #1393";d:0.023;s:44:"RunAllTest::testSecurity with data set #1394";d:0.027;s:44:"RunAllTest::testSecurity with data set #1395";d:0.023;s:44:"RunAllTest::testSecurity with data set #1396";d:0.042;s:44:"RunAllTest::testSecurity with data set #1397";d:0.026;s:44:"RunAllTest::testSecurity with data set #1398";d:0.018;s:44:"RunAllTest::testSecurity with data set #1399";d:0.027;s:44:"RunAllTest::testSecurity with data set #1400";d:0.031;s:44:"RunAllTest::testSecurity with data set #1401";d:0.023;s:44:"RunAllTest::testSecurity with data set #1402";d:0.026;s:44:"RunAllTest::testSecurity with data set #1403";d:0.027;s:44:"RunAllTest::testSecurity with data set #1404";d:0.06;s:48:"RunAllFoldersTest::testSecurity with data set #0";d:0.036;s:48:"RunAllFoldersTest::testSecurity with data set #1";d:0.038;s:43:"RunFlowsTest::testSecurity with data set #0";d:0.024;s:43:"RunFlowsTest::testSecurity with data set #1";d:0.026;s:43:"RunFlowsTest::testSecurity with data set #2";d:0.02;s:50:"RunExcludeFilesTest::testSecurity with data set #0";d:0.04;s:50:"RunExcludeFilesTest::testSecurity with data set #1";d:0.022;}}}
\ No newline at end of file
diff --git a/projects/tests/composer.json b/projects/tests/composer.json
index bdc2c2e5..20431f67 100644
--- a/projects/tests/composer.json
+++ b/projects/tests/composer.json
@@ -15,11 +15,11 @@
}
],
"require": {
- "php": "^7.0",
+ "php": ">=7.4",
"progpilot/package": "@dev",
- "ircmaxell/php-cfg": "1.0.x-dev"
+ "ircmaxell/php-cfg": "^0.6.0"
},
"require-dev": {
- "phpunit/phpunit": "^6.0"
+ "phpunit/phpunit": "^8.0 || ^9.0"
}
}
diff --git a/projects/tests/conditionstest.php b/projects/tests/conditionstest.php
index bc6e88c0..2b60617a 100644
--- a/projects/tests/conditionstest.php
+++ b/projects/tests/conditionstest.php
@@ -20,11 +20,13 @@
],
[
"./tests/conditions/condition7.php",
- [["\$tainted", "3", "xss"]]
- ],
+ [["\$notsafe", "7", "xss"],
+ ["\$tainted", "3", "xss"]]
+ ]/*,
[
"./tests/conditions/condition8.php",
- [["\$tainted", "47", "xss"],
+ [["\$tainted", "40", "xss"],
+ ["\$tainted", "47", "xss"],
["\$tainted", "53", "xss"]]
- ]
+ ]*/
];
diff --git a/projects/tests/config1.yml b/projects/tests/config1.yml
new file mode 100644
index 00000000..7d0db1bf
--- /dev/null
+++ b/projects/tests/config1.yml
@@ -0,0 +1,41 @@
+inputs:
+ dev_mode: false
+ languages:
+ - php
+ sources:
+ keep_defaults: true
+ config_files: ~
+ sinks:
+ keep_defaults: true
+ config_files: ~
+ validators:
+ keep_defaults: true
+ config_files: ~
+ sanitizers:
+ keep_defaults: true
+ config_files: ~
+ customrules:
+ keep_defaults: true
+ config_files: ~
+ inclusions:
+ - "./tests/folders/folderconfig1/"
+ exclusions:
+ - "vendor"
+ - "node_modules"
+ - "onefileexcludedtestconfig.php"
+ - "onefolderexcludedtestconfig"
+ - "./tests/folders/folderconfig1/sub_folder2"
+ resolved_includes_file: ~
+ false_positives: ~
+
+outputs:
+ tainted_flow: true
+ include_failures_file: ~
+
+options:
+ analyze_includes: true
+ debug_mode: false
+ pretty_print: true
+ max_file_analysis_duration: 30
+ max_definitions: 500
+ max_file_size: 1000000
diff --git a/projects/tests/config2.yml b/projects/tests/config2.yml
new file mode 100644
index 00000000..19b29a3c
--- /dev/null
+++ b/projects/tests/config2.yml
@@ -0,0 +1,37 @@
+inputs:
+ dev_mode: false
+ languages:
+ - php
+ sources:
+ keep_defaults: true
+ config_files: ~
+ sinks:
+ keep_defaults: true
+ config_files: ~
+ validators:
+ keep_defaults: true
+ config_files: ~
+ sanitizers:
+ keep_defaults: true
+ config_files: ~
+ customrules:
+ keep_defaults: true
+ config_files: ~
+ inclusions:
+ - "./tests/folders/folderconfig2/fileonly.php"
+ exclusions:
+ - "vendor"
+ resolved_includes_file: ~
+ false_positives: ~
+
+outputs:
+ tainted_flow: true
+ include_failures_file: ~
+
+options:
+ analyze_includes: true
+ debug_mode: false
+ pretty_print: true
+ max_file_analysis_duration: 30
+ max_definitions: 500
+ max_file_size: 1000000
diff --git a/projects/tests/config3.yml b/projects/tests/config3.yml
new file mode 100644
index 00000000..7d9f06f5
--- /dev/null
+++ b/projects/tests/config3.yml
@@ -0,0 +1,39 @@
+inputs:
+ dev_mode: false
+ languages:
+ - php
+ sources:
+ keep_defaults: true
+ config_files:
+ - "./tests/folders/folderconfig3/sources.json"
+ sinks:
+ keep_defaults: true
+ config_files: ~
+ validators:
+ keep_defaults: true
+ config_files: ~
+ sanitizers:
+ keep_defaults: true
+ config_files: ~
+ customrules:
+ keep_defaults: true
+ config_files: ~
+ inclusions:
+ - "./tests/folders/folderconfig3/"
+ exclusions:
+ - "vendor"
+ - "node_modules"
+ resolved_includes_file: ~
+ false_positives: ~
+
+outputs:
+ tainted_flow: true
+ include_failures_file: ~
+
+options:
+ analyze_includes: true
+ debug_mode: false
+ pretty_print: true
+ max_file_analysis_duration: 30
+ max_definitions: 500
+ max_file_size: 1000000
diff --git a/projects/tests/config4.yml b/projects/tests/config4.yml
new file mode 100644
index 00000000..9f8b07a2
--- /dev/null
+++ b/projects/tests/config4.yml
@@ -0,0 +1,39 @@
+inputs:
+ dev_mode: false
+ languages:
+ - php
+ sources:
+ keep_defaults: false
+ config_files:
+ - "./tests/folders/folderconfig4/sources.json"
+ sinks:
+ keep_defaults: true
+ config_files: ~
+ validators:
+ keep_defaults: true
+ config_files: ~
+ sanitizers:
+ keep_defaults: true
+ config_files: ~
+ customrules:
+ keep_defaults: true
+ config_files: ~
+ inclusions:
+ - "./tests/folders/folderconfig4/"
+ exclusions:
+ - "vendor"
+ - "node_modules"
+ resolved_includes_file: ~
+ false_positives: ~
+
+outputs:
+ tainted_flow: true
+ include_failures_file: ~
+
+options:
+ analyze_includes: true
+ debug_mode: false
+ pretty_print: true
+ max_file_analysis_duration: 30
+ max_definitions: 500
+ max_file_size: 1000000
diff --git a/projects/tests/config5.yml b/projects/tests/config5.yml
new file mode 100644
index 00000000..4a276205
--- /dev/null
+++ b/projects/tests/config5.yml
@@ -0,0 +1,38 @@
+inputs:
+ dev_mode: false
+ languages:
+ - php
+ sources:
+ keep_defaults: true
+ config_files: ~
+ sinks:
+ keep_defaults: true
+ config_files: ~
+ validators:
+ keep_defaults: true
+ config_files: ~
+ sanitizers:
+ keep_defaults: true
+ config_files: ~
+ customrules:
+ keep_defaults: true
+ config_files: ~
+ inclusions:
+ - "./tests/folders/folderconfig5/"
+ exclusions:
+ - "vendor"
+ - "node_modules"
+ resolved_includes_file: ~
+ false_positives: "./tests/folders/folderconfig5/false_positives.json"
+
+outputs:
+ tainted_flow: true
+ include_failures_file: ~
+
+options:
+ analyze_includes: true
+ debug_mode: false
+ pretty_print: true
+ max_file_analysis_duration: 30
+ max_definitions: 500
+ max_file_size: 1000000
diff --git a/projects/tests/config6.yml b/projects/tests/config6.yml
new file mode 100644
index 00000000..5a29d22f
--- /dev/null
+++ b/projects/tests/config6.yml
@@ -0,0 +1,39 @@
+inputs:
+ dev_mode: false
+ languages:
+ - php
+ sources:
+ keep_defaults: true
+ config_files: ~
+ sinks:
+ keep_defaults: true
+ config_files: ~
+ validators:
+ keep_defaults: true
+ config_files: ~
+ sanitizers:
+ keep_defaults: true
+ config_files: ~
+ customrules:
+ keep_defaults: true
+ config_files: ~
+ inclusions:
+ - "./tests/folders/folderconfig6/"
+ - "./tests/folders/folderconfig6/vendor/"
+ exclusions:
+ - "vendor"
+ - "node_modules"
+ resolved_includes_file: ~
+ false_positives: ~
+
+outputs:
+ tainted_flow: true
+ include_failures_file: ~
+
+options:
+ analyze_includes: true
+ debug_mode: false
+ pretty_print: true
+ max_file_analysis_duration: 30
+ max_definitions: 500
+ max_file_size: 1000000
diff --git a/projects/tests/config7.yml b/projects/tests/config7.yml
new file mode 100644
index 00000000..8e79c711
--- /dev/null
+++ b/projects/tests/config7.yml
@@ -0,0 +1,36 @@
+inputs:
+ dev_mode: false
+ languages:
+ - php
+ sources:
+ keep_defaults: true
+ config_files: ~
+ sinks:
+ keep_defaults: true
+ config_files: ~
+ validators:
+ keep_defaults: true
+ config_files: ~
+ sanitizers:
+ keep_defaults: true
+ config_files: ~
+ customrules:
+ keep_defaults: true
+ config_files: ~
+ inclusions:
+ - "./tests/folders/folderconfig7/mix3.php"
+ exclusions: ~
+ resolved_includes_file: "./tests/folders/folderconfig7/resolved_includes.json"
+ false_positives: ~
+
+outputs:
+ tainted_flow: true
+ include_failures_file: "./tests/folders/folderconfig7/include_failures.json"
+
+options:
+ analyze_includes: true
+ debug_mode: false
+ pretty_print: true
+ max_file_analysis_duration: 30
+ max_definitions: 500
+ max_file_size: 1000000
diff --git a/projects/tests/configtest.php b/projects/tests/configtest.php
new file mode 100644
index 00000000..c947679c
--- /dev/null
+++ b/projects/tests/configtest.php
@@ -0,0 +1,68 @@
+member1", "9", "xss"]]
+ [["\$inst->member1", "10", "xss"]]
],
[
"./tests/data/source12.php",
@@ -111,8 +107,8 @@
],
[
"./tests/data/source15.php",
- [["\$inst->object->member1", "18", "xss"],
- ["\$inst1->object->member1", "44", "xss"]]
+ [["\$member1", "10", "xss"],
+ ["\$member1", "36", "xss"]]
],
[
"./tests/data/source16.php",
@@ -133,7 +129,11 @@
],
[
"./tests/data/source20.php",
- [["\$comment->ddd", "23", "xss"]]
+ [["\$b", "4", "xss"]]
+ ],
+ [
+ "./tests/data/source21.php",
+ [["\$title", "0", "xss"]]
],
[
"./tests/data/sanitizer1.php",
@@ -172,5 +172,62 @@
[
"./tests/data/sanitizer9.php",
[["\$tainted3", "19", "xss"]]
+ ],
+ [
+ "./tests/data/sanitizer10.php",
+ []
+ ],
+ [
+ "./tests/data/sanitizer11.php",
+ []
+ ]
+ /*,
+ // need support of proper validator propagation
+ [
+ "./tests/data/validator1.php",
+ [["\$tainted3", "19", "xss"]]
+ ]
+ */,
+ [
+ "./tests/data/validator2.php",
+ [["\$tainted", "3", "xss"],
+ ["\$tainted", "3", "xss"]]
+ ],
+ [
+ "./tests/data/validator3.php",
+ [["\$tainted", "3", "xss"],
+ ["\$tainted", "3", "xss"]]
+ ],
+ [
+ "./tests/data/validator4.php",
+ [["\$tainted", "3", "xss"]]
+ ],
+ [
+ "./tests/data/validator5.php",
+ [["\$tainted", "3", "xss"]]
+ ],
+ [
+ "./tests/data/validator6.php",
+ [["\$show_updated", "3", "xss"]]
+ ],
+ [
+ "./tests/data/customvalidator1.php",
+ [["\$a", "25", "file_inclusion"]]
+ ],
+ [
+ "./tests/data/customvalidator2.php",
+ [["\$a", "14", "file_inclusion"]]
+ ],
+ [
+ "./tests/data/customvalidator3.php",
+ [["\$a", "16", "file_inclusion"]]
+ ],
+ [
+ "./tests/data/customvalidator4.php",
+ [["\$a", "16", "file_inclusion"]]
+ ],
+ [
+ "./tests/data/customvalidator5.php",
+ [["\$a", "16", "file_inclusion"]]
]
];
diff --git a/projects/tests/flowstest.php b/projects/tests/flowstest.php
index 633e185d..3605ab4b 100644
--- a/projects/tests/flowstest.php
+++ b/projects/tests/flowstest.php
@@ -11,7 +11,7 @@
],
[
"./tests/flows/flow2.php",
- [["\$this->object1", "6"],
+ [["\$this->object1", "15"],
["\$val", "8"],
["\$_GET[\"p\"]", "21"]]
],
@@ -19,5 +19,20 @@
"./tests/flows/flow3.php",
[["\$var1", "3"],
["\$_GET[\"p1\"]", "3"]]
+ ],
+ [
+ "./tests/flows/flow4.php",
+ [["\$plugin_basename_return", "6"],
+ ["\$file", "5"],
+ ["\$preg_replace_return", "5"],
+ ["\$preg_replace_param2_line5_column101_progpilot", "5"],
+ ["\$file", "4"],
+ ["\$preg_replace_return", "4"],
+ ["\$preg_replace_param2_line4_column51_progpilot", "4"],
+ ["\$file", "3"],
+ ["\$plugin_page", "20"],
+ ["\$stripslashes_return", "20"],
+ ["\$stripslashes_param0_line20_column417_progpilot", "20"],
+ ["\$_GET[\"page\"]", "20"]]
]
];
diff --git a/projects/tests/folderexcludedtest.php b/projects/tests/folderexcludedtest.php
index 61752b82..2ffc5786 100644
--- a/projects/tests/folderexcludedtest.php
+++ b/projects/tests/folderexcludedtest.php
@@ -3,12 +3,23 @@
return [
[
"./tests/folders/folder1",
- [["\$var1[0]", '4', "xss"],
+ [["\$var1[0]", '9', "xss"],
["\$var1", '6', "xss"],
["\$var2", '9', "xss"]]
],
[
"./tests/folders/folder2",
- [["\$var1[0]", "4", "xss"]]
+ [["\$var1[0]", "9", "xss"]]
+ ],
+ [
+ "./tests/folders/folder3",
+ [["\$var2", "9", "xss"],
+ ["\$var1[0]", "9", "xss"],
+ ["\$var1", "6", "xss"]]
+ ],
+ [
+ "./tests/folders/folder4",
+ [["\$_GET[\"p2\"]", "3", "xss"],
+ ["\$_GET[\"p4\"]", "3", "xss"]]
]
];
diff --git a/projects/tests/foldertest.php b/projects/tests/foldertest.php
index 9ad22dfc..41df381d 100644
--- a/projects/tests/foldertest.php
+++ b/projects/tests/foldertest.php
@@ -1,16 +1,46 @@
last_query", "102", "xss"]]
+ ]/*,
+ [
+ "./tests/real/wordpress3",
+ [["\$query", "131", "sql_injection"],
+ ["\$this->last_query", "101", "xss"],
+ ["\$query", "131", "sql_injection"],
+ ["\$this->last_query", "101", "xss"]]
+ ]*/,
+ [
+ "./tests/real/namespaces1",
+ [["\$tainted", "7", "xss"],
+ ["\$tainted", "7", "xss"]]
+ ],
+ [
+ "./tests/real/incallstack/",
+ [["\$rtrim_return", "77", "xss"]]
]
];
diff --git a/projects/tests/frameworkstest.php b/projects/tests/frameworkstest.php
index fe883bc6..a38b1ba1 100644
--- a/projects/tests/frameworkstest.php
+++ b/projects/tests/frameworkstest.php
@@ -3,7 +3,7 @@
return [
[
"./tests/frameworks/codeigniter1.php",
- [["\$_GET[\"p\"]", '6', "xss"]]
+ [["\$data[\"title\"]", '8', "xss"]]
],
[
"./tests/frameworks/codeigniter2.php",
@@ -15,7 +15,7 @@
],
[
"./tests/frameworks/symfony1.php",
- [["5", "67", "security misconfiguration"],
+ [["5", "79", "security misconfiguration"],
["11", "183", "security misconfiguration"]]
]
];
diff --git a/projects/tests/generictest.php b/projects/tests/generictest.php
index 5304bc15..50a52b93 100644
--- a/projects/tests/generictest.php
+++ b/projects/tests/generictest.php
@@ -19,11 +19,11 @@
],
[
"./tests/generic/alias5.php",
- [["\$var5[\"t\"]", "3", "xss"]]
+ [["\$var5[\"t\"]", "6", "xss"]]
],
[
"./tests/generic/mix1.php",
- [["\$var1[0]", "4", "xss"]]
+ [["\$var1[0]", "9", "xss"]]
],
[
"./tests/generic/mix2.php",
@@ -51,7 +51,7 @@
],
[
"./tests/generic/simple5.php",
- [["\$myvar1[11]", "3", "xss"]]
+ [["\$myvar1[11]", "5", "xss"]]
],
[
"./tests/generic/simple6.php",
@@ -63,8 +63,8 @@
],
[
"./tests/generic/simple8.php",
- [["\$var_gauche[0]", "3", "xss"],
- ["\$ret[0]", "8", "xss"]]
+ [["\$var_gauche[0]", "5", "xss"],
+ ["\$ret[0]", "10", "xss"]]
],
[
"./tests/generic/simple9.php",
@@ -94,24 +94,24 @@
[
"./tests/generic/arrays1.php",
- [["\$newmyarr[11][9865]", "4", "xss"]]
+ [["\$newmyarr[11][9865]", "7", "xss"]]
],
[
"./tests/generic/arrays2.php",
- [["\$newmyarr[11][9865]", "3", "xss"]]
+ [["\$newmyarr[11][9865]", "4", "xss"]]
],
[
"./tests/generic/arrays3.php",
- [["\$newmyarr[11]", "4", "xss"]]
+ [["\$newmyarr[11]", "7", "xss"]]
],
[
"./tests/generic/arrays4.php",
- [["\$newmyarr[11]", "4", "xss"]]
+ [["\$copy[11]", "8", "xss"]]
],
[
"./tests/generic/arrays5.php",
- [["\$var1", "3", "xss"]]
+ [["\$newmyarr[11][9865]", "6", "xss"]]
],
[
"./tests/generic/arrays6.php",
@@ -119,27 +119,27 @@
],
[
"./tests/generic/arrays7.php",
- [["\$onearr[9865]", "3", "xss"]]
+ [["\$testarr[11][9865]", "7", "xss"]]
],
[
"./tests/generic/arrays8.php",
- [["\$arr[1113]", "6", "xss"]]
+ [["\$arr[1113]", "9", "xss"]]
],
[
"./tests/generic/arrays9.php",
- [["\$onearr[11][6661]", "4", "xss"]]
+ [["\$testarr[6661]", "8", "xss"]]
],
[
"./tests/generic/arrays10.php",
- [["\$arr[0]", "3", "xss"]]
+ [["\$arr[0]", "5", "xss"]]
],
[
"./tests/generic/arrays11.php",
- [["\$arr[0][2]", "3", "xss"]]
+ [["\$arr[0][1]", "7", "xss"]]
],
[
"./tests/generic/arrays12.php",
- [["\$var1[1]", "6", "xss"]]
+ [["\$var2[1]", "13", "xss"]]
],
[
"./tests/generic/arrays13.php",
@@ -147,35 +147,52 @@
],
[
"./tests/generic/arrays14.php",
- [["\$var1[11][1]", "6", "xss"]]
+ [["\$var2[11][1]", "12", "xss"]]
],
[
"./tests/generic/arrays15.php",
- [["\$var", "8", "xss"]]
+ [["\$var1", "8", "xss"]]
],
[
"./tests/generic/arrays16.php",
- [["\$var[\"t\"]", "3", "xss"]]
+ [["\$var[\"t\"]", "5", "xss"]]
+ ],
+ [
+ "./tests/generic/arrays17.php",
+ [["\$values[0]", "7", "xss"]]
+ ],
+ [
+ "./tests/generic/arrays18.php",
+ [["\$var5[\"t\"]", "5", "xss"]]
+ ],
+ [
+ "./tests/generic/arrays19.php",
+ [["\$var5[\"t\"]", "6", "xss"],
+ ["\$var5[\"t\"]", "14", "xss"]]
+ ],
+ [
+ "./tests/generic/arrays20.php",
+ [["\$a", "3", "xss"]]
],
[
"./tests/generic/arraysrec1.php",
- [["\$var1[1]", "8", "xss"]]
+ [["\$var1[1]", "10", "xss"]]
],
[
"./tests/generic/arraysexpr1.php",
- [["\$newmyarr[2]", "3", "xss"]]
+ [["\$newmyarr[2]", "7", "xss"]]
],
[
"./tests/generic/arraysexpr2.php",
- [["\$newmyarr[2][1][2]", "3", "xss"]]
+ [["\$newmyarr[2][1][2]", "6", "xss"]]
],
[
"./tests/generic/arraysexpr3.php",
- [["\$onearr[11][6661]", "3", "xss"]]
+ [["\$newmyarr[2][2][11][6661]", "10", "xss"]]
],
[
"./tests/generic/arraysexpr4.php",
- [["\$var_main[\"TEST1\"]", "4", "xss"]]
+ [["\$var_main[\"TEST1\"]", "10", "xss"]]
],
[
"./tests/generic/functions1.php",
@@ -183,11 +200,11 @@
],
[
"./tests/generic/functions2.php",
- [["\$safea", "8", "xss"]]
+ [["\$safea[0]", "10", "xss"]]
],
[
"./tests/generic/functions3.php",
- [["\$testf_return[0]", "7", "xss"]]
+ [["\$arraysafe[0]", "14", "xss"]]
],
[
"./tests/generic/functions4.php",
@@ -199,7 +216,9 @@
],
[
"./tests/generic/functions6.php",
- [["\$_GET[\"p\"]", "15", "xss"]]
+ [["\$_GET[\"p\"]", "5", "xss"],
+ ["\$_GET[\"p\"]", "10", "xss"],
+ ["\$_GET[\"p\"]", "15", "xss"]]
],
[
"./tests/generic/functions7.php",
@@ -211,23 +230,23 @@
],
[
"./tests/generic/functions9.php",
- [["\$arr[8989][1]", "5", "xss"]]
+ [["\$ret[0][8989][1]", "12", "xss"]]
],
[
"./tests/generic/functions10.php",
- [["\$arr[8989][1][989]", "5", "xss"]]
+ [["\$ret[0][1][989]", "12", "xss"]]
],
[
"./tests/generic/functions11.php",
- [["\$ret[0]", "8", "xss"]]
+ [["\$ret[0]", "10", "xss"]]
],
[
"./tests/generic/functions12.php",
- [["\$arr[8989][1][989]", "5", "xss"]]
+ [["\$ret_gauche[0][8989][1][989]", "12", "xss"]]
],
[
"./tests/generic/functions13.php",
- [["\$testf1_return[0]", "5", "xss"]]
+ [["\$ret[0][0]", "10", "xss"]]
],
[
"./tests/generic/functions14.php",
@@ -235,11 +254,11 @@
],
[
"./tests/generic/functions15.php",
- [["\$var[1][12]", "9", "xss"]]
+ [["\$var_param[1][12]", "5", "xss"]]
],
[
"./tests/generic/functions16.php",
- [["\$var[1][12]", "9", "xss"]]
+ [["\$var_param[1][12]", "5", "xss"]]
],
[
"./tests/generic/functions17.php",
@@ -251,11 +270,28 @@
],
[
"./tests/generic/functions19.php",
- [["\$testf1_param0_line10_column65_progpilot[\"test\"]", "10", "xss"]]
+ [["\$param2[\"test\"]", "6", "xss"]]
+ ],
+ [
+ "./tests/generic/functions20.php",
+ [["\$thisfunctionexistandreturn_return", "23", "xss"]]
+ ],
+ [
+ "./tests/generic/functions21.php",
+ [["\$ret", "16", "xss"]]
+ ],
+ [
+ "./tests/generic/functions22.php",
+ [["\$ret1", "10", "xss"],
+ ["\$ret2", "14", "xss"]]
+ ],
+ [
+ "./tests/generic/functions23.php",
+ [["\$b", "19", "xss"]]
],
[
"./tests/generic/functionsrec1.php",
- [["\$var", "10", "xss"]]
+ [["\$var", "15", "xss"]]
],
[
"./tests/generic/strings1.php",
@@ -265,8 +301,6 @@
["\$id1", "19", "sql_injection"],
["\$id2", "22", "sql_injection"],
["\$id3", "25", "sql_injection"],
- ["\$id5", "31", "sql_injection"],
- ["\$id7", "35", "sql_injection"],
["\$tainted1", "48", "xss"],
["\$tainted2", "51", "xss"],
["\$tainted3", "54", "xss"],
@@ -276,7 +310,7 @@
],
[
"./tests/generic/foreach1.php",
- [["\$array_value", "6", "xss"]]
+ [["\$array_value", "12", "xss"]]
],
[
@@ -288,12 +322,12 @@
"./tests/generic/global2.php",
[["\$myvar1", "4", "xss"]]
],
-
+/* // removed because optimizations
[
"./tests/generic/global3.php",
[["\$myvar1", "3", "xss"]]
],
-
+*/
[
"./tests/generic/namespace1.php",
[["\$_GET[\"p\"]", "9", "xss"]]
@@ -317,6 +351,22 @@
[
"./tests/generic/calluserfunc4.php",
[["\$a", "3", "xss"]]
+ ],
+ [
+ "./tests/generic/loop1.php",
+ [["\$file", "10", "xss"]]
+ ],
+ [
+ "./tests/generic/loop2.php",
+ [["\$row->title", "7", "xss"]]
+ ],
+ [
+ "./tests/generic/loop3.php",
+ [["\$row->title", "5", "xss"]]
+ ],
+ [
+ "./tests/generic/loop4.php",
+ [["\$this->last_query", "6", "xss"]]
]
];
diff --git a/projects/tests/graphtest.dot b/projects/tests/graphtest.dot
deleted file mode 100644
index 204c97d7..00000000
--- a/projects/tests/graphtest.dot
+++ /dev/null
@@ -1,1184 +0,0 @@
-[0] enter_func
-name = {main}
-[1] enter_block
-id = a121a959c6502ed2e0c52e64059062307b865f5392902193636f1bc8c6884637
-[2] enter_block
-id = 8c82cdbbcb5bb74ab4bd7baf99d9b56cd9c513bdfbfa6c1c7d32794c19fd9ac3
-[3] start_assign
-[4] start_expression
-[5] start_assign
-[6] start_expression
-[7] temporarySimple
-def id 11 :: \
- name = result :: \
- line = 3 :: column = 13 :: \
- tainted = :: \
- ref = :: \
- is_property = :: \
- is_static_property = :: \
- isInstance = :: \
- is_const = :: \
- blockid = 8c82cdbbcb5bb74ab4bd7baf99d9b56cd9c513bdfbfa6c1c7d32794c19fd9ac3 :: \
- cast = cast_string
-last_known_value :
-array(0) {
-}
-is_embeddedbychar :
-array(3) {
- ["'"]=>
- bool(false)
- ["<"]=>
- bool(false)
- [">"]=>
- int(0)
-}
-type_sanitized :
-array(0) {
-}
-__________________________________________
-
-
-[8] end_expression
-expression et tainted =
-[9] end_assign
-[10] definition
-def id 8 :: \
- name = mysql_fetch_object_param0_line3_column13_progpilot :: \
- line = 3 :: column = 13 :: \
- tainted = :: \
- ref = :: \
- is_property = :: \
- is_static_property = :: \
- isInstance = :: \
- is_const = :: \
- blockid = 8c82cdbbcb5bb74ab4bd7baf99d9b56cd9c513bdfbfa6c1c7d32794c19fd9ac3 :: \
- cast = cast_string
-last_known_value :
-array(0) {
-}
-is_embeddedbychar :
-array(0) {
-}
-type_sanitized :
-array(0) {
-}
-__________________________________________
-
-
-[11] funccall
-name = mysql_fetch_object
-[12] end_expression
-expression et tainted =
-[13] end_assign
-[14] definition
-def id 13 :: \
- name = row :: \
- line = 3 :: column = 13 :: \
- tainted = :: \
- ref = :: \
- is_property = :: \
- is_static_property = :: \
- isInstance = :: \
- is_const = :: \
- blockid = 8c82cdbbcb5bb74ab4bd7baf99d9b56cd9c513bdfbfa6c1c7d32794c19fd9ac3 :: \
- cast = cast_string
-last_known_value :
-array(0) {
-}
-is_embeddedbychar :
-array(0) {
-}
-type_sanitized :
-array(0) {
-}
-__________________________________________
-
-
-[15] condition_start_if
-[16] enter_block
-id = fefa1e5e8c09917c7bd52cd210658eba264c6f35f873d5e341060c59664ed779
-[17] start_expression
-[18] start_assign
-[19] start_expression
-[20] temporarySimple
-def id 22 :: \
- name = row :: \
- line = 4 :: column = 60 :: \
- tainted = :: \
- ref = :: \
- is_property = 1 :: \
- is_static_property = :: \
- isInstance = :: \
- is_const = :: \
- blockid = fefa1e5e8c09917c7bd52cd210658eba264c6f35f873d5e341060c59664ed779 :: \
- cast = cast_string
-last_known_value :
-array(0) {
-}
-is_embeddedbychar :
-array(3) {
- ["'"]=>
- bool(false)
- ["<"]=>
- bool(false)
- [">"]=>
- int(0)
-}
-type_sanitized :
-array(0) {
-}
-property : ->fullname
-class_name :
-visibility : public
-__________________________________________
-
-
-[21] end_expression
-expression et tainted =
-[22] end_assign
-[23] definition
-def id 19 :: \
- name = echo_param0_line4_column60_progpilot :: \
- line = 4 :: column = 60 :: \
- tainted = :: \
- ref = :: \
- is_property = :: \
- is_static_property = :: \
- isInstance = :: \
- is_const = :: \
- blockid = fefa1e5e8c09917c7bd52cd210658eba264c6f35f873d5e341060c59664ed779 :: \
- cast = cast_string
-last_known_value :
-array(0) {
-}
-is_embeddedbychar :
-array(0) {
-}
-type_sanitized :
-array(0) {
-}
-__________________________________________
-
-
-[24] funccall
-name = echo
-[25] end_expression
-expression et tainted =
-[26] enter_block
-id = 367fcacffd5660455af447204e8fce47cec8756a520978f357f3f78c58fd5aa1
-[27] leave_block
-id = 367fcacffd5660455af447204e8fce47cec8756a520978f357f3f78c58fd5aa1
-[28] leave_block
-id = fefa1e5e8c09917c7bd52cd210658eba264c6f35f873d5e341060c59664ed779
-[29] enter_block
-id = 62588e91d0de623b8152991465814a808eba78be1f76dfb9723d0ad08d6706c6
-[30] enter_block
-id = af852e868eafafbf5043fb141dca2cdf4af66e80680500d70067f933a871d889
-[31] start_assign
-[32] start_expression
-[33] temporarySimple
-def id 28 :: \
- name = 1 :: \
- line = 3 :: column = 7 :: \
- tainted = :: \
- ref = :: \
- is_property = :: \
- is_static_property = :: \
- isInstance = :: \
- is_const = :: \
- blockid = af852e868eafafbf5043fb141dca2cdf4af66e80680500d70067f933a871d889 :: \
- cast = cast_string
-last_known_value :
-array(1) {
- [0]=>
- string(1) "1"
-}
-is_embeddedbychar :
-array(3) {
- ["'"]=>
- bool(false)
- ["<"]=>
- bool(false)
- [">"]=>
- int(0)
-}
-type_sanitized :
-array(0) {
-}
-__________________________________________
-
-
-[34] end_expression
-expression et tainted =
-[35] end_assign
-[36] definition
-def id 30 :: \
- name = {main}_return :: \
- line = 3 :: column = 7 :: \
- tainted = :: \
- ref = :: \
- is_property = :: \
- is_static_property = :: \
- isInstance = :: \
- is_const = :: \
- blockid = af852e868eafafbf5043fb141dca2cdf4af66e80680500d70067f933a871d889 :: \
- cast = cast_string
-last_known_value :
-array(0) {
-}
-is_embeddedbychar :
-array(0) {
-}
-type_sanitized :
-array(0) {
-}
-__________________________________________
-
-
-[37] return
-[38] leave_block
-id = af852e868eafafbf5043fb141dca2cdf4af66e80680500d70067f933a871d889
-[39] leave_block
-id = 62588e91d0de623b8152991465814a808eba78be1f76dfb9723d0ad08d6706c6
-[40] leave_block
-id = 8c82cdbbcb5bb74ab4bd7baf99d9b56cd9c513bdfbfa6c1c7d32794c19fd9ac3
-[41] leave_block
-id = a121a959c6502ed2e0c52e64059062307b865f5392902193636f1bc8c6884637
-[42] leave_func
-selectDefinitions FOREACH
-def id 19 :: \
- name = echo_param0_line4_column60_progpilot :: \
- line = 4 :: column = 60 :: \
- tainted = :: \
- ref = :: \
- is_property = :: \
- is_static_property = :: \
- isInstance = :: \
- is_const = :: \
- blockid = fefa1e5e8c09917c7bd52cd210658eba264c6f35f873d5e341060c59664ed779 :: \
- cast = cast_string
-last_known_value :
-array(0) {
-}
-is_embeddedbychar :
-array(0) {
-}
-type_sanitized :
-array(0) {
-}
-__________________________________________
-
-
-selectDefinitions FOREACH
-def id 8 :: \
- name = mysql_fetch_object_param0_line3_column13_progpilot :: \
- line = 3 :: column = 13 :: \
- tainted = :: \
- ref = :: \
- is_property = :: \
- is_static_property = :: \
- isInstance = :: \
- is_const = :: \
- blockid = 8c82cdbbcb5bb74ab4bd7baf99d9b56cd9c513bdfbfa6c1c7d32794c19fd9ac3 :: \
- cast = cast_string
-last_known_value :
-array(0) {
-}
-is_embeddedbychar :
-array(0) {
-}
-type_sanitized :
-array(0) {
-}
-__________________________________________
-
-
-selectDefinitions FOREACH
-def id 13 :: \
- name = row :: \
- line = 3 :: column = 13 :: \
- tainted = :: \
- ref = :: \
- is_property = :: \
- is_static_property = :: \
- isInstance = :: \
- is_const = :: \
- blockid = 8c82cdbbcb5bb74ab4bd7baf99d9b56cd9c513bdfbfa6c1c7d32794c19fd9ac3 :: \
- cast = cast_string
-last_known_value :
-array(0) {
-}
-is_embeddedbychar :
-array(0) {
-}
-type_sanitized :
-array(0) {
-}
-__________________________________________
-
-
-selectDefinitions FOREACH
-def id 19 :: \
- name = echo_param0_line4_column60_progpilot :: \
- line = 4 :: column = 60 :: \
- tainted = :: \
- ref = :: \
- is_property = :: \
- is_static_property = :: \
- isInstance = :: \
- is_const = :: \
- blockid = fefa1e5e8c09917c7bd52cd210658eba264c6f35f873d5e341060c59664ed779 :: \
- cast = cast_string
-last_known_value :
-array(0) {
-}
-is_embeddedbychar :
-array(0) {
-}
-type_sanitized :
-array(0) {
-}
-__________________________________________
-
-
-selectDefinitions FOREACH
-def id 8 :: \
- name = mysql_fetch_object_param0_line3_column13_progpilot :: \
- line = 3 :: column = 13 :: \
- tainted = :: \
- ref = :: \
- is_property = :: \
- is_static_property = :: \
- isInstance = :: \
- is_const = :: \
- blockid = 8c82cdbbcb5bb74ab4bd7baf99d9b56cd9c513bdfbfa6c1c7d32794c19fd9ac3 :: \
- cast = cast_string
-last_known_value :
-array(0) {
-}
-is_embeddedbychar :
-array(0) {
-}
-type_sanitized :
-array(0) {
-}
-__________________________________________
-
-
-selectDefinitions FOREACH
-def id 13 :: \
- name = row :: \
- line = 3 :: column = 13 :: \
- tainted = :: \
- ref = :: \
- is_property = :: \
- is_static_property = :: \
- isInstance = :: \
- is_const = :: \
- blockid = 8c82cdbbcb5bb74ab4bd7baf99d9b56cd9c513bdfbfa6c1c7d32794c19fd9ac3 :: \
- cast = cast_string
-last_known_value :
-array(0) {
-}
-is_embeddedbychar :
-array(0) {
-}
-type_sanitized :
-array(0) {
-}
-__________________________________________
-
-
-selectDefinitions FOREACH
-def id 19 :: \
- name = echo_param0_line4_column60_progpilot :: \
- line = 4 :: column = 60 :: \
- tainted = :: \
- ref = :: \
- is_property = :: \
- is_static_property = :: \
- isInstance = :: \
- is_const = :: \
- blockid = fefa1e5e8c09917c7bd52cd210658eba264c6f35f873d5e341060c59664ed779 :: \
- cast = cast_string
-last_known_value :
-array(0) {
-}
-is_embeddedbychar :
-array(0) {
-}
-type_sanitized :
-array(0) {
-}
-__________________________________________
-
-
-selectDefinitions FOREACH
-def id 8 :: \
- name = mysql_fetch_object_param0_line3_column13_progpilot :: \
- line = 3 :: column = 13 :: \
- tainted = :: \
- ref = :: \
- is_property = :: \
- is_static_property = :: \
- isInstance = :: \
- is_const = :: \
- blockid = 8c82cdbbcb5bb74ab4bd7baf99d9b56cd9c513bdfbfa6c1c7d32794c19fd9ac3 :: \
- cast = cast_string
-last_known_value :
-array(0) {
-}
-is_embeddedbychar :
-array(0) {
-}
-type_sanitized :
-array(0) {
-}
-__________________________________________
-
-
-selectDefinitions FOREACH
-def id 13 :: \
- name = row :: \
- line = 3 :: column = 13 :: \
- tainted = :: \
- ref = :: \
- is_property = :: \
- is_static_property = :: \
- isInstance = :: \
- is_const = :: \
- blockid = 8c82cdbbcb5bb74ab4bd7baf99d9b56cd9c513bdfbfa6c1c7d32794c19fd9ac3 :: \
- cast = cast_string
-last_known_value :
-array(0) {
-}
-is_embeddedbychar :
-array(0) {
-}
-type_sanitized :
-array(0) {
-}
-__________________________________________
-
-
-selectDefinitions FOREACH
-def id 19 :: \
- name = echo_param0_line4_column60_progpilot :: \
- line = 4 :: column = 60 :: \
- tainted = :: \
- ref = :: \
- is_property = :: \
- is_static_property = :: \
- isInstance = :: \
- is_const = :: \
- blockid = fefa1e5e8c09917c7bd52cd210658eba264c6f35f873d5e341060c59664ed779 :: \
- cast = cast_string
-last_known_value :
-array(0) {
-}
-is_embeddedbychar :
-array(0) {
-}
-type_sanitized :
-array(0) {
-}
-__________________________________________
-
-
-selectDefinitions FOREACH
-def id 8 :: \
- name = mysql_fetch_object_param0_line3_column13_progpilot :: \
- line = 3 :: column = 13 :: \
- tainted = :: \
- ref = :: \
- is_property = :: \
- is_static_property = :: \
- isInstance = :: \
- is_const = :: \
- blockid = 8c82cdbbcb5bb74ab4bd7baf99d9b56cd9c513bdfbfa6c1c7d32794c19fd9ac3 :: \
- cast = cast_string
-last_known_value :
-array(0) {
-}
-is_embeddedbychar :
-array(0) {
-}
-type_sanitized :
-array(0) {
-}
-__________________________________________
-
-
-selectDefinitions FOREACH
-def id 13 :: \
- name = row :: \
- line = 3 :: column = 13 :: \
- tainted = :: \
- ref = :: \
- is_property = :: \
- is_static_property = :: \
- isInstance = :: \
- is_const = :: \
- blockid = 8c82cdbbcb5bb74ab4bd7baf99d9b56cd9c513bdfbfa6c1c7d32794c19fd9ac3 :: \
- cast = cast_string
-last_known_value :
-array(0) {
-}
-is_embeddedbychar :
-array(0) {
-}
-type_sanitized :
-array(0) {
-}
-__________________________________________
-
-
-Opcodes::TEMPORARY
-def id 22 :: \
- name = row :: \
- line = 4 :: column = 60 :: \
- tainted = :: \
- ref = :: \
- is_property = 1 :: \
- is_static_property = :: \
- isInstance = :: \
- is_const = :: \
- blockid = fefa1e5e8c09917c7bd52cd210658eba264c6f35f873d5e341060c59664ed779 :: \
- cast = cast_string
-last_known_value :
-array(0) {
-}
-is_embeddedbychar :
-array(3) {
- ["'"]=>
- bool(false)
- ["<"]=>
- bool(false)
- [">"]=>
- int(0)
-}
-type_sanitized :
-array(0) {
-}
-property : ->fullname
-class_name :
-visibility : public
-__________________________________________
-
-
-Opcodes::TEMPORARY FOREACH
-def id 22 :: \
- name = row :: \
- line = 4 :: column = 60 :: \
- tainted = :: \
- ref = :: \
- is_property = 1 :: \
- is_static_property = :: \
- isInstance = :: \
- is_const = :: \
- blockid = fefa1e5e8c09917c7bd52cd210658eba264c6f35f873d5e341060c59664ed779 :: \
- cast = cast_string
-last_known_value :
-array(0) {
-}
-is_embeddedbychar :
-array(3) {
- ["'"]=>
- bool(false)
- ["<"]=>
- bool(false)
- [">"]=>
- int(0)
-}
-type_sanitized :
-array(0) {
-}
-property : ->fullname
-class_name :
-visibility : public
-__________________________________________
-
-
-Opcodes::FUNC_CALL ------------------------------> echo
-funccallSource func_name = echo
-array(0) {
-}
-source name = 'mysql_fetch_object'
-funccallSource func_name = echo
-array(0) {
-}
-source name = 'mysql_fetch_object'
-selectDefinitions FOREACH
-def id 8 :: \
- name = mysql_fetch_object_param0_line3_column13_progpilot :: \
- line = 3 :: column = 13 :: \
- tainted = :: \
- ref = :: \
- is_property = :: \
- is_static_property = :: \
- isInstance = :: \
- is_const = :: \
- blockid = 8c82cdbbcb5bb74ab4bd7baf99d9b56cd9c513bdfbfa6c1c7d32794c19fd9ac3 :: \
- cast = cast_string
-last_known_value :
-array(0) {
-}
-is_embeddedbychar :
-array(0) {
-}
-type_sanitized :
-array(0) {
-}
-__________________________________________
-
-
-selectDefinitions FOREACH
-def id 13 :: \
- name = row :: \
- line = 3 :: column = 13 :: \
- tainted = :: \
- ref = :: \
- is_property = :: \
- is_static_property = :: \
- isInstance = :: \
- is_const = :: \
- blockid = 8c82cdbbcb5bb74ab4bd7baf99d9b56cd9c513bdfbfa6c1c7d32794c19fd9ac3 :: \
- cast = cast_string
-last_known_value :
-array(0) {
-}
-is_embeddedbychar :
-array(0) {
-}
-type_sanitized :
-array(0) {
-}
-__________________________________________
-
-
-selectDefinitions FOREACH
-def id 19 :: \
- name = echo_param0_line4_column60_progpilot :: \
- line = 4 :: column = 60 :: \
- tainted = :: \
- ref = :: \
- is_property = :: \
- is_static_property = :: \
- isInstance = :: \
- is_const = :: \
- blockid = fefa1e5e8c09917c7bd52cd210658eba264c6f35f873d5e341060c59664ed779 :: \
- cast = cast_string
-last_known_value :
-array(0) {
-}
-is_embeddedbychar :
-array(3) {
- ["'"]=>
- bool(false)
- ["<"]=>
- bool(false)
- [">"]=>
- bool(false)
-}
-type_sanitized :
-array(0) {
-}
-__________________________________________
-
-
-selectDefinitions FOREACH
-def id 8 :: \
- name = mysql_fetch_object_param0_line3_column13_progpilot :: \
- line = 3 :: column = 13 :: \
- tainted = :: \
- ref = :: \
- is_property = :: \
- is_static_property = :: \
- isInstance = :: \
- is_const = :: \
- blockid = 8c82cdbbcb5bb74ab4bd7baf99d9b56cd9c513bdfbfa6c1c7d32794c19fd9ac3 :: \
- cast = cast_string
-last_known_value :
-array(0) {
-}
-is_embeddedbychar :
-array(0) {
-}
-type_sanitized :
-array(0) {
-}
-__________________________________________
-
-
-selectDefinitions FOREACH
-def id 13 :: \
- name = row :: \
- line = 3 :: column = 13 :: \
- tainted = :: \
- ref = :: \
- is_property = :: \
- is_static_property = :: \
- isInstance = :: \
- is_const = :: \
- blockid = 8c82cdbbcb5bb74ab4bd7baf99d9b56cd9c513bdfbfa6c1c7d32794c19fd9ac3 :: \
- cast = cast_string
-last_known_value :
-array(0) {
-}
-is_embeddedbychar :
-array(0) {
-}
-type_sanitized :
-array(0) {
-}
-__________________________________________
-
-
-selectDefinitions FOREACH
-def id 19 :: \
- name = echo_param0_line4_column60_progpilot :: \
- line = 4 :: column = 60 :: \
- tainted = :: \
- ref = :: \
- is_property = :: \
- is_static_property = :: \
- isInstance = :: \
- is_const = :: \
- blockid = fefa1e5e8c09917c7bd52cd210658eba264c6f35f873d5e341060c59664ed779 :: \
- cast = cast_string
-last_known_value :
-array(0) {
-}
-is_embeddedbychar :
-array(3) {
- ["'"]=>
- bool(false)
- ["<"]=>
- bool(false)
- [">"]=>
- bool(false)
-}
-type_sanitized :
-array(0) {
-}
-__________________________________________
-
-
-Opcodes::TEMPORARY
-def id 11 :: \
- name = result :: \
- line = 3 :: column = 13 :: \
- tainted = :: \
- ref = :: \
- is_property = :: \
- is_static_property = :: \
- isInstance = :: \
- is_const = :: \
- blockid = 8c82cdbbcb5bb74ab4bd7baf99d9b56cd9c513bdfbfa6c1c7d32794c19fd9ac3 :: \
- cast = cast_string
-last_known_value :
-array(0) {
-}
-is_embeddedbychar :
-array(3) {
- ["'"]=>
- bool(false)
- ["<"]=>
- bool(false)
- [">"]=>
- int(0)
-}
-type_sanitized :
-array(0) {
-}
-__________________________________________
-
-
-Opcodes::TEMPORARY FOREACH
-def id 11 :: \
- name = result :: \
- line = 3 :: column = 13 :: \
- tainted = :: \
- ref = :: \
- is_property = :: \
- is_static_property = :: \
- isInstance = :: \
- is_const = :: \
- blockid = 8c82cdbbcb5bb74ab4bd7baf99d9b56cd9c513bdfbfa6c1c7d32794c19fd9ac3 :: \
- cast = cast_string
-last_known_value :
-array(0) {
-}
-is_embeddedbychar :
-array(3) {
- ["'"]=>
- bool(false)
- ["<"]=>
- bool(false)
- [">"]=>
- int(0)
-}
-type_sanitized :
-array(0) {
-}
-__________________________________________
-
-
-Opcodes::FUNC_CALL ------------------------------> mysql_fetch_object
-funccallSource func_name = mysql_fetch_object
-array(0) {
-}
-source name = 'mysql_fetch_object'
-SOURCE IS OBJECT
-def id 13 :: \
- name = row :: \
- line = 3 :: column = 13 :: \
- tainted = :: \
- ref = :: \
- is_property = :: \
- is_static_property = :: \
- isInstance = 1 :: \
- is_const = :: \
- blockid = 8c82cdbbcb5bb74ab4bd7baf99d9b56cd9c513bdfbfa6c1c7d32794c19fd9ac3 :: \
- cast = cast_string
-last_known_value :
-array(0) {
-}
-is_embeddedbychar :
-array(0) {
-}
-type_sanitized :
-array(0) {
-}
-property value : PROGPILOT_ALL_PROPERTIES_TAINTED
-instance :
-object id : -1
-__________________________________________
-
-
-funccallSource func_name = mysql_fetch_object
-array(0) {
-}
-source name = 'mysql_fetch_object'
-SOURCE IS OBJECT
-def id 13 :: \
- name = row :: \
- line = 3 :: column = 13 :: \
- tainted = :: \
- ref = :: \
- is_property = :: \
- is_static_property = :: \
- isInstance = 1 :: \
- is_const = :: \
- blockid = 8c82cdbbcb5bb74ab4bd7baf99d9b56cd9c513bdfbfa6c1c7d32794c19fd9ac3 :: \
- cast = cast_string
-last_known_value :
-array(0) {
-}
-is_embeddedbychar :
-array(0) {
-}
-type_sanitized :
-array(0) {
-}
-property value : PROGPILOT_ALL_PROPERTIES_TAINTED
-instance :
-object id : -1
-__________________________________________
-
-
-selectDefinitions FOREACH
-def id 30 :: \
- name = {main}_return :: \
- line = 3 :: column = 7 :: \
- tainted = :: \
- ref = :: \
- is_property = :: \
- is_static_property = :: \
- isInstance = :: \
- is_const = :: \
- blockid = af852e868eafafbf5043fb141dca2cdf4af66e80680500d70067f933a871d889 :: \
- cast = cast_string
-last_known_value :
-array(0) {
-}
-is_embeddedbychar :
-array(0) {
-}
-type_sanitized :
-array(0) {
-}
-__________________________________________
-
-
-selectDefinitions FOREACH
-def id 8 :: \
- name = mysql_fetch_object_param0_line3_column13_progpilot :: \
- line = 3 :: column = 13 :: \
- tainted = :: \
- ref = :: \
- is_property = :: \
- is_static_property = :: \
- isInstance = :: \
- is_const = :: \
- blockid = 8c82cdbbcb5bb74ab4bd7baf99d9b56cd9c513bdfbfa6c1c7d32794c19fd9ac3 :: \
- cast = cast_string
-last_known_value :
-array(0) {
-}
-is_embeddedbychar :
-array(3) {
- ["'"]=>
- bool(false)
- ["<"]=>
- bool(false)
- [">"]=>
- bool(false)
-}
-type_sanitized :
-array(0) {
-}
-__________________________________________
-
-
-selectDefinitions FOREACH
-def id 13 :: \
- name = row :: \
- line = 3 :: column = 13 :: \
- tainted = :: \
- ref = :: \
- is_property = :: \
- is_static_property = :: \
- isInstance = 1 :: \
- is_const = :: \
- blockid = 8c82cdbbcb5bb74ab4bd7baf99d9b56cd9c513bdfbfa6c1c7d32794c19fd9ac3 :: \
- cast = cast_string
-last_known_value :
-array(0) {
-}
-is_embeddedbychar :
-array(0) {
-}
-type_sanitized :
-array(0) {
-}
-property value : PROGPILOT_ALL_PROPERTIES_TAINTED
-instance :
-object id : -1
-__________________________________________
-
-
-selectDefinitions FOREACH
-def id 19 :: \
- name = echo_param0_line4_column60_progpilot :: \
- line = 4 :: column = 60 :: \
- tainted = :: \
- ref = :: \
- is_property = :: \
- is_static_property = :: \
- isInstance = :: \
- is_const = :: \
- blockid = fefa1e5e8c09917c7bd52cd210658eba264c6f35f873d5e341060c59664ed779 :: \
- cast = cast_string
-last_known_value :
-array(0) {
-}
-is_embeddedbychar :
-array(3) {
- ["'"]=>
- bool(false)
- ["<"]=>
- bool(false)
- [">"]=>
- bool(false)
-}
-type_sanitized :
-array(0) {
-}
-__________________________________________
-
-
-selectDefinitions FOREACH
-def id 30 :: \
- name = {main}_return :: \
- line = 3 :: column = 7 :: \
- tainted = :: \
- ref = :: \
- is_property = :: \
- is_static_property = :: \
- isInstance = :: \
- is_const = :: \
- blockid = af852e868eafafbf5043fb141dca2cdf4af66e80680500d70067f933a871d889 :: \
- cast = cast_string
-last_known_value :
-array(0) {
-}
-is_embeddedbychar :
-array(0) {
-}
-type_sanitized :
-array(0) {
-}
-__________________________________________
-
-
-selectDefinitions FOREACH
-def id 8 :: \
- name = mysql_fetch_object_param0_line3_column13_progpilot :: \
- line = 3 :: column = 13 :: \
- tainted = :: \
- ref = :: \
- is_property = :: \
- is_static_property = :: \
- isInstance = :: \
- is_const = :: \
- blockid = 8c82cdbbcb5bb74ab4bd7baf99d9b56cd9c513bdfbfa6c1c7d32794c19fd9ac3 :: \
- cast = cast_string
-last_known_value :
-array(0) {
-}
-is_embeddedbychar :
-array(3) {
- ["'"]=>
- bool(false)
- ["<"]=>
- bool(false)
- [">"]=>
- bool(false)
-}
-type_sanitized :
-array(0) {
-}
-__________________________________________
-
-
-selectDefinitions FOREACH
-def id 13 :: \
- name = row :: \
- line = 3 :: column = 13 :: \
- tainted = :: \
- ref = :: \
- is_property = :: \
- is_static_property = :: \
- isInstance = 1 :: \
- is_const = :: \
- blockid = 8c82cdbbcb5bb74ab4bd7baf99d9b56cd9c513bdfbfa6c1c7d32794c19fd9ac3 :: \
- cast = cast_string
-last_known_value :
-array(0) {
-}
-is_embeddedbychar :
-array(0) {
-}
-type_sanitized :
-array(0) {
-}
-property value : PROGPILOT_ALL_PROPERTIES_TAINTED
-instance :
-object id : -1
-__________________________________________
-
-
-selectDefinitions FOREACH
-def id 19 :: \
- name = echo_param0_line4_column60_progpilot :: \
- line = 4 :: column = 60 :: \
- tainted = :: \
- ref = :: \
- is_property = :: \
- is_static_property = :: \
- isInstance = :: \
- is_const = :: \
- blockid = fefa1e5e8c09917c7bd52cd210658eba264c6f35f873d5e341060c59664ed779 :: \
- cast = cast_string
-last_known_value :
-array(0) {
-}
-is_embeddedbychar :
-array(3) {
- ["'"]=>
- bool(false)
- ["<"]=>
- bool(false)
- [">"]=>
- bool(false)
-}
-type_sanitized :
-array(0) {
-}
-__________________________________________
-
-
-Opcodes::TEMPORARY
-def id 28 :: \
- name = 1 :: \
- line = 3 :: column = 7 :: \
- tainted = :: \
- ref = :: \
- is_property = :: \
- is_static_property = :: \
- isInstance = :: \
- is_const = :: \
- blockid = af852e868eafafbf5043fb141dca2cdf4af66e80680500d70067f933a871d889 :: \
- cast = cast_string
-last_known_value :
-array(1) {
- [0]=>
- string(1) "1"
-}
-is_embeddedbychar :
-array(3) {
- ["'"]=>
- bool(false)
- ["<"]=>
- bool(false)
- [">"]=>
- int(0)
-}
-type_sanitized :
-array(0) {
-}
-__________________________________________
-
-
-Opcodes::TEMPORARY FOREACH
-def id 28 :: \
- name = 1 :: \
- line = 3 :: column = 7 :: \
- tainted = :: \
- ref = :: \
- is_property = :: \
- is_static_property = :: \
- isInstance = :: \
- is_const = :: \
- blockid = af852e868eafafbf5043fb141dca2cdf4af66e80680500d70067f933a871d889 :: \
- cast = cast_string
-last_known_value :
-array(1) {
- [0]=>
- string(1) "1"
-}
-is_embeddedbychar :
-array(3) {
- ["'"]=>
- bool(false)
- ["<"]=>
- bool(false)
- [">"]=>
- int(0)
-}
-type_sanitized :
-array(0) {
-}
-__________________________________________
-
-
-
-digraph callgraph {
-ordering=out;
-node_092c79e8f80e559e404bcf660c48f3522b67aba9ff1484b0367e1a4ddef7431d [label="echo"];
-node_7288ab64f943bc31319375cc1ce4f0142ef44369c7d13f367eba7669867ab3d7 [label="mysql_fetch_object"];
-
-
-}
-
diff --git a/projects/tests/graphtest.php b/projects/tests/graphtest.php
index 44c8f3ef..53ffe954 100644
--- a/projects/tests/graphtest.php
+++ b/projects/tests/graphtest.php
@@ -2,41 +2,36 @@
require_once './vendor/autoload.php';
-try {
- //$file = "./tests/graphs/functionsgraph1.php";
- $file = "./tests/data/source16.php";
- $context = new \progpilot\Context;
- $analyzer = new \progpilot\Analyzer;
+$file = "./tests/data/source16.php";
+$context = new \progpilot\Context;
+$analyzer = new \progpilot\Analyzer;
- $context->inputs->setFile($file);
- $analyzer->run($context);
+$context->inputs->setFile($file);
+$analyzer->run($context);
- $graphCfgJson = $context->outputs->getCfg();
- $graphCallgraphJson = $context->outputs->getCallGraph();
+$graphCfgJson = $context->outputs->getCfg();
+$graphCallgraphJson = $context->outputs->getCallGraph();
- echo "\ndigraph callgraph {\nordering=out;\n";
- foreach ($graphCallgraphJson["nodes"] as $node) {
- echo "node_".$node["id"]." [label=\"".$node["name"]."\"];\n";
- }
+echo "\ndigraph callgraph {\nordering=out;\n";
+foreach ($graphCallgraphJson["nodes"] as $node) {
+ echo "node_".$node["id"]." [label=\"".$node["name"]."\"];\n";
+}
- foreach ($graphCallgraphJson["links"] as $link) {
- echo "node_".$link["source"]."->"."node_".$link["target"]."\n";
- }
+foreach ($graphCallgraphJson["links"] as $link) {
+ echo "node_".$link["source"]."->"."node_".$link["target"]."\n";
+}
- echo "\n\n}\n\n";
+echo "\n\n}\n\n";
- /*
- echo "\ndigraph cfg {\nordering=out;\n";
- foreach ($graphCfgJson["nodes"] as $node) {
- echo "node_".$node["id"]." [label=\"".$node["name"]."\"];\n";
- }
+/*
+echo "\ndigraph cfg {\nordering=out;\n";
+foreach ($graphCfgJson["nodes"] as $node) {
+ echo "node_".$node["id"]." [label=\"".$node["name"]."\"];\n";
+}
- foreach ($graphCfgJson["links"] as $link) {
- echo "node_".$link["source"]."->"."node_".$link["target"]."\n";
- }
-
- echo "\n\n}\n\n";
- */
-} catch (\RuntimeException $e) {
- echo 'Exception : ', $e->getMessage(), "\n";
+foreach ($graphCfgJson["links"] as $link) {
+ echo "node_".$link["source"]."->"."node_".$link["target"]."\n";
}
+
+echo "\n\n}\n\n";
+*/
diff --git a/projects/tests/graphtest2.dot b/projects/tests/graphtest2.dot
deleted file mode 100644
index 79262739..00000000
--- a/projects/tests/graphtest2.dot
+++ /dev/null
@@ -1,61 +0,0 @@
-
-digraph cfg {
-ordering=out;
-node_a88f2bd4d86f39934d32cf755720f84631895fc614329120f7c1e4c8898d33ce [label="enter_func {main}
-enter_block
-start_expression
-funccall secret
-end_expression
-start_expression
-temporary_simple
-end_expression
-definition
-leave_block
-leave_func
-"];
-node_26eed28db0595c1b5b0a27f15f60d6591bde2830db88ebe7155439b6430704e6 [label="enter_func secret
-enter_block
-start_expression
-funccall dev_iam_authenticated
-end_expression
-start_expression
-funccall rand
-end_expression
-leave_block
-leave_block
-leave_block
-leave_func
-"];
-node_bc2cc2132405f78753093324c428e6bd8573cda0032e1f49b487b0377998796b [label="enter_block
-start_expression
-funccall dev_iam_rights
-end_expression
-leave_block
-"];
-node_235e69617f2088e0c1bcb7cad4d44e583956f5f444e377667bfdd424e063ceab [label="enter_block
-start_expression
-start_expression
-funccall dev_retrieve_secret
-end_expression
-definition
-funccall var_dump
-end_expression
-start_expression
-temporary_simple
-end_expression
-definition
-"];
-node_0224bc2af5eaa39cde0e1a84d2c5619d1aad9d775f17ccc155c598a41cd1c4dd [label="enter_block
-start_expression
-funccall nada
-end_expression
-"];
-node_26eed28db0595c1b5b0a27f15f60d6591bde2830db88ebe7155439b6430704e6->node_bc2cc2132405f78753093324c428e6bd8573cda0032e1f49b487b0377998796b
-node_bc2cc2132405f78753093324c428e6bd8573cda0032e1f49b487b0377998796b->node_235e69617f2088e0c1bcb7cad4d44e583956f5f444e377667bfdd424e063ceab
-node_0224bc2af5eaa39cde0e1a84d2c5619d1aad9d775f17ccc155c598a41cd1c4dd->node_235e69617f2088e0c1bcb7cad4d44e583956f5f444e377667bfdd424e063ceab
-node_26eed28db0595c1b5b0a27f15f60d6591bde2830db88ebe7155439b6430704e6->node_0224bc2af5eaa39cde0e1a84d2c5619d1aad9d775f17ccc155c598a41cd1c4dd
-node_a88f2bd4d86f39934d32cf755720f84631895fc614329120f7c1e4c8898d33ce->node_26eed28db0595c1b5b0a27f15f60d6591bde2830db88ebe7155439b6430704e6
-
-
-}
-
diff --git a/projects/tests/graphtest2.png b/projects/tests/graphtest2.png
deleted file mode 100644
index f233473d..00000000
Binary files a/projects/tests/graphtest2.png and /dev/null differ
diff --git a/projects/tests/include_files.json b/projects/tests/include_files.json
index baba29f4..a33552f0 100644
--- a/projects/tests/include_files.json
+++ b/projects/tests/include_files.json
@@ -1,10 +1,6 @@
{
- "include_files":
+ "inclusions":
[
- "./tests/folders/folder2/mix3.php"
- ],
- "include_folders":
- [
- "./tests/folders/folder2/sub_folder1/sub_folder2"
+ "../../../../vulnapps/laravel8/"
]
}
diff --git a/projects/tests/includetest.php b/projects/tests/includetest.php
index b7d20aea..48229fe5 100644
--- a/projects/tests/includetest.php
+++ b/projects/tests/includetest.php
@@ -40,13 +40,13 @@
"./tests/includes/simple8.php",
[["\$_GET[\"p\"]", "3", "xss"]]
],
-
[
"./tests/includes/simple9.php",
- [["158", "3442", "security misconfiguration"],
- ["159", "3521", "security misconfiguration"],
- ["\$pLocation", "505", "header_injection"],
- ["\$page[\"body\"]", "51", "xss"]]
+ [["158", "3599", "security misconfiguration"],
+ ["158", "3599", "security misconfiguration"],
+ ["159", "3679", "security misconfiguration"],
+ ["159", "3679", "security misconfiguration"],
+ ["\$pPage[\"body\"]", "329", "xss"]]
],
[
"./tests/includes/simple10.php",
@@ -60,7 +60,7 @@
[
"./tests/includes/simple12.php",
- [["\${main}_return[\"cb36d7468e442c354c5037bbb4d59b1c\"]", "7", "xss"]]
+ [["\$ret[\"cb36d7468e442c354c5037bbb4d59b1c\"]", "5", "xss"]]
],
[
@@ -86,5 +86,20 @@
[
"./tests/includes/simple17.php",
[["\$var", "3", "xss"]]
+ ],
+
+ [
+ "./tests/includes/simple18.php",
+ [["\$_GET[\"p\"]", "3", "xss"]]
+ ],
+
+ [
+ "./tests/includes/simple19.php",
+ [["\$_GET[\"p\"]", "3", "xss"]]
+ ],
+
+ [
+ "./tests/includes/simple20.php",
+ [["\$comments->post", "6", "xss"]]
]
];
diff --git a/projects/tests/negativetest.php b/projects/tests/negativetest.php
index ec955ccf..10edf678 100644
--- a/projects/tests/negativetest.php
+++ b/projects/tests/negativetest.php
@@ -2,6 +2,27 @@
return [
[
- "./tests/negative/parser_error1..php", []
- ]
+ "./tests/negative/parser_error1.php", []
+ ],
+ [
+ "./tests/negative/parser_error2.php", []
+ ],
+ [
+ "./tests/negative/parser_error3.php", []
+ ],
+ [
+ "./tests/negative/issue_13.php", []
+ ],
+ [
+ "./tests/negative/missing_argument_func.php", []
+ ],
+ [
+ "./tests/negative/undefined_class.php", []
+ ],
+ [
+ "./tests/negative/undefined_func.php", []
+ ],
+ [
+ "./tests/negative/undefined_method.php", []
+ ],
];
diff --git a/projects/tests/ooptest.php b/projects/tests/ooptest.php
index 8b1eea03..4f5a368e 100644
--- a/projects/tests/ooptest.php
+++ b/projects/tests/ooptest.php
@@ -3,11 +3,11 @@
return [
[
"./tests/oop/simple1.php",
- [["\$instance1->boum2", "12", "xss"]]
+ [["\$instance1->boum2", "15", "xss"]]
],
[
"./tests/oop/simple2.php",
- [["\$instance1->boum2", "11", "xss"]]
+ [["\$instance1->boum2", "13", "xss"]]
],
[
"./tests/oop/simple3.php",
@@ -19,19 +19,19 @@
],
[
"./tests/oop/simple5.php",
- [["\$instance->boum1", "25", "xss"]]
+ [["\$get_boum1_return", "14", "xss"]]
],
[
"./tests/oop/simple6.php",
- [["\$instance->boum1", "24", "xss"]]
+ [["\$instance->boum1", "26", "xss"]]
],
[
"./tests/oop/simple7.php",
- [["\$instance->boum1", "15", "xss"]]
+ [["\$instance->boum1", "17", "xss"]]
],
[
"./tests/oop/simple8.php",
- [["\$instance1->boum2", "16", "xss"]]
+ [["\$instance1->boum2", "18", "xss"]]
],
[
"./tests/oop/simple9.php",
@@ -39,49 +39,52 @@
],
[
"./tests/oop/simple10.php",
- [["\$instance1->boum1", "5", "xss"]]
+ [["\$instance1->boum1", "15", "xss"]]
],
[
"./tests/oop/simple11.php",
- [["\$instance1->boum1", "18", "xss"]]
+ [["\$instance1->boum1", "20", "xss"]]
],
[
"./tests/oop/simple12.php",
- [["\$instance1->boum1", "9", "xss"]]
+ [["\$instance1->boum1", "15", "xss"]]
],
[
"./tests/oop/simple13.php",
- [["\$instance1->boum1", "14", "xss"]]
+ [["\$instance1->boum1", "32", "xss"],
+ ["\$instance1->boum1", "36", "xss"]]
],
[
"./tests/oop/simple14.php",
- [["\$instance1->boum2", "11", "xss"]]
+ [["\$instance1->boum2", "16", "xss"]]
],
[
"./tests/oop/simple15.php",
- [["\$this->boum1", "5", "xss"]]
+ [["\$this->boum1", "10", "xss"]]
],
[
"./tests/oop/simple16.php",
- [["\$instance1->boum1", "5", "xss"]]
+ [["\$instance1->boum1", "31", "xss"]]
],
[
"./tests/oop/simple17.php",
- [["\$this->boum1[0]", "9", "xss"]]
+ [["\$copy[0]", "33", "xss"]]
],
[
"./tests/oop/simple18.php",
- [["\$instance1->boum1", "15", "xss"]]
+ [["\$instance1->boum1", "34", "xss"]]
],
[
"./tests/oop/simple19.php",
- [["\$testc1->object1->object2", "29", "xss"],
- ["\$newtestc1->object1", "37", "xss"],
- ["\$newsettestc1->object1", "7", "xss"]]
+ [["\$toto", "30", "xss"],
+ ["\$newtestc1->object1", "40", "xss"],
+ ["\$newsettestc1->object1", "47", "xss"],
+ ["\$testc1_encore2->member1", "67", "xss"],
+ ["\$val", "65", "xss"]]
],
[
"./tests/oop/simple20.php",
- [["\$this->member2", "7", "xss"]]
+ [["\$this->member2", "12", "xss"]]
],
[
"./tests/oop/simple21.php",
@@ -90,9 +93,8 @@
],
[
"./tests/oop/simple22.php",
- [["\$a->data", "11", "xss"],
- ["\$this->data", "6", "xss"],
- ["\$a->data", "11", "xss"]]
+ [["\$a->data", "15", "xss"],
+ ["\$b->data", "18", "xss"]]
],
[
"./tests/oop/simple23/a.php",
@@ -100,17 +102,17 @@
],
[
"./tests/oop/simple24.php",
- [["\$a->data", "6", "xss"],
- ["\$b->data", "6", "xss"]]
+ [["\$a->data", "22", "xss"],
+ ["\$b->data", "31", "xss"]]
],
[
"./tests/oop/simple25.php",
- [["\$query", "6", "sql_injection"]]
+ [["\$query", "7", "sql_injection"]]
],
[
"./tests/oop/simple26.php",
- [["\$_GET[\"t\"]", "17", "xss"],
- ["\$_GET[\"p\"]", "8", "xss"]]
+ [["\$taint2", "15", "xss"],
+ ["\$taint1", "6", "xss"]]
],
[
"./tests/oop/simple27.php",
@@ -127,15 +129,40 @@
],
[
"./tests/oop/simple30.php",
- [["testa::\$stavar", "12", "xss"]]
+ [["testa::\$stavar", "16", "xss"]]
],
[
"./tests/oop/simple31.php",
- [["\$a->stavar", "11", "xss"]]
+ [["\$a->stavar", "14", "xss"]]
],
[
"./tests/oop/simple32.php",
- [["testa::\$stavar", "9", "xss"]]
+ [["testa::\$stavar", "11", "xss"]]
+ ],
+ [
+ "./tests/oop/simple33.php",
+ [["\$tainted", "35", "xss"]]
+ ],
+ [
+ "./tests/oop/simple34.php",
+ [["\$tainted", "16", "xss"]]
+ ],
+ [
+ "./tests/oop/simple35.php",
+ [["\$get_boum1_return", "14", "xss"],
+ ["\$get_boum1_return", "14", "xss"]]
+ ],
+ [
+ "./tests/oop/simple36.php",
+ [["\$aaas->title", "33", "xss"]]
+ ],
+ [
+ "./tests/oop/chained1.php",
+ [["\$tainted", "33", "xss"]]
+ ],
+ [
+ "./tests/oop/chained2.php",
+ [["\$aaa->title", "22", "xss"]]
]
];
diff --git a/projects/tests/optimizationstest.php b/projects/tests/optimizationstest.php
new file mode 100644
index 00000000..363a29dd
--- /dev/null
+++ b/projects/tests/optimizationstest.php
@@ -0,0 +1,7 @@
+_message", "11", "xss"]]
+ ]
+ ];
diff --git a/projects/tests/phpunit.xml.dist b/projects/tests/phpunit.xml.dist
index ebc1d110..05f117af 100644
--- a/projects/tests/phpunit.xml.dist
+++ b/projects/tests/phpunit.xml.dist
@@ -15,6 +15,7 @@
run_all_folders.php
run_flows.php
run_exclude_files.php
+ run_all_configurations.php
diff --git a/projects/tests/phpwandertest.php b/projects/tests/phpwandertest.php
index ebdc68ef..6c192e30 100644
--- a/projects/tests/phpwandertest.php
+++ b/projects/tests/phpwandertest.php
@@ -3,9 +3,9 @@
return [
[
"./tests/phpwander/test0.php",
- [["\$id_return", "4", "file_disclosure"],
- ["\$return_basename", "9", "file_disclosure"],
- ["\$_GET[\"f\"]", "11", "file_disclosure"],
+ [["\$id_return", "4", "path_traversal"],
+ ["\$basename_return", "9", "path_traversal"],
+ ["\$_GET[\"f\"]", "11", "path_traversal"],
["\$b", "9", "xss"],
["\$c", "11", "xss"]]
],
@@ -27,8 +27,8 @@
[
"./tests/phpwander/test4.php",
[[["\$_GET[\"user\"]", "\$_GET[\"password\"]"], ["4", "4"], "sql_injection"],
- ["\$_GET[\"file\"]", "8", "file_inclusion"],
- ["\$user[\"email\"]", "12", "xss"]]
+ ["\$user[\"email\"]", "5", "xss"],
+ ["\$_GET[\"file\"]", "11", "file_inclusion"]]
],
[
"./tests/phpwander/test5.php",
@@ -41,7 +41,7 @@
],
[
"./tests/phpwander/test7.php",
- [["\$param", "9", "xss"]]
+ [["\$param", "10", "xss"]]
],// handle with report confidence to check
[
"./tests/phpwander/test8.php",
@@ -63,7 +63,7 @@
],*/
[
"./tests/phpwander/test12.php",
- [["D::\$vars", "8", "xss"],
+ [["D::\$vars", "10", "xss"],
["\$danger_return", "12", "xss"]]
],// a corriger
[
diff --git a/projects/tests/realtest.php b/projects/tests/realtest.php
index d8c709c6..efcffc41 100644
--- a/projects/tests/realtest.php
+++ b/projects/tests/realtest.php
@@ -18,8 +18,11 @@
],
[
"./tests/real/wordpress1/wp-commentsrss2.php",
- [["\$title", "38", "xss"],
- [array("\$apply_filters_return", "\$apply_filters_return"), array("65", "88"), "xss"]]
+ [["\$title", "40", "xss"]]
+ ],
+ [
+ "./tests/real/wordpress2/wp-commentsrss2.php",
+ [["\$query", "132", "sql_injection"],
+ ["\$this->last_query", "102", "xss"]]
]
-
];
diff --git a/projects/tests/resolve_includes.json b/projects/tests/resolve_includes.json
index 7744f98b..33da466a 100644
--- a/projects/tests/resolve_includes.json
+++ b/projects/tests/resolve_includes.json
@@ -1 +1 @@
-{"includes_not_resolved":""}
\ No newline at end of file
+{"include_failures":""}
\ No newline at end of file
diff --git a/projects/tests/run_all.php b/projects/tests/run_all.php
index 691a2236..b1112c10 100644
--- a/projects/tests/run_all.php
+++ b/projects/tests/run_all.php
@@ -13,20 +13,17 @@ public function testSecurity($file, $expectedVulns)
$context = new \progpilot\Context;
$analyzer = new \progpilot\Analyzer;
- $context->setAnalyzeHardrules(true);
- $context->setAnalyzeFunctions(false);
$context->outputs->taintedFlow(true);
$nbVulns = 0;
$context->inputs->setDev(true);
$context->inputs->setLanguages(["php", "js"]);
$context->inputs->setFile($file);
+ // enable "vendor" folder analysis
+ // test case: tests/real/composer/
+ $context->inputs->setExclusions([]);
- try {
- $analyzer->run($context);
- } catch (Exception $e) {
- echo 'Exception : ', $e->getMessage(), "\n";
- }
+ $analyzer->run($context);
$results = $context->outputs->getResults();
@@ -44,17 +41,17 @@ public function testSecurity($file, $expectedVulns)
}
foreach ($expectedSourceLine as $oneSourceLine) {
- $this->assertContains($oneSourceLine, $vuln["source_line"]);
+ $this->assertContains((int)$oneSourceLine, $vuln["source_line"]);
}
} else {
$this->assertContains($expectedSourceName, $vuln["source_name"]);
- $this->assertContains($expectedSourceLine, $vuln["source_line"]);
+ $this->assertContains((int)$expectedSourceLine, $vuln["source_line"]);
$this->assertEquals($expectedVulnName, $vuln["vuln_name"]);
}
} // custom
else {
- $this->assertEquals($expectedSourceName, $vuln["vuln_line"]);
- $this->assertEquals($expectedSourceLine, $vuln["vuln_column"]);
+ $this->assertEquals((int)$expectedSourceName, $vuln["vuln_line"]);
+ $this->assertEquals((int)$expectedSourceLine, $vuln["vuln_column"]);
$this->assertEquals($expectedVulnName, $vuln["vuln_name"]);
}
} else {
@@ -69,6 +66,7 @@ public function testSecurity($file, $expectedVulns)
public function dataProvider()
{
+ $tabopti = include("optimizationstest.php");
$taboop = include("ooptest.php");
$tabreal = include("realtest.php");
$tabgen = include("generictest.php");
@@ -91,6 +89,7 @@ public function dataProvider()
}
$tab = array_merge(
+ $tabopti,
$taboop,
$tabreal,
$tabgen,
diff --git a/projects/tests/run_all_configurations.php b/projects/tests/run_all_configurations.php
new file mode 100644
index 00000000..5436df0f
--- /dev/null
+++ b/projects/tests/run_all_configurations.php
@@ -0,0 +1,66 @@
+setConfiguration($configfile);
+
+ $analyzer->run($context);
+
+ $results = $context->outputs->getResults();
+
+ foreach ($results as $vuln) {
+ if (isset($expectedVulns[$nbVulns])) {
+ $expectedSourceName = $expectedVulns[$nbVulns][0];
+ $expectedSourceLine = $expectedVulns[$nbVulns][1];
+ $expectedVulnName = $expectedVulns[$nbVulns][2];
+
+ // taint-style
+ if (isset($vuln['source_name']) && isset($vuln['source_line'])) {
+ if (is_array($expectedSourceName) && is_array($expectedSourceLine)) {
+ foreach ($expectedSourceName as $oneSourceName) {
+ $this->assertContains($oneSourceName, $vuln["source_name"]);
+ }
+
+ foreach ($expectedSourceLine as $oneSourceLine) {
+ $this->assertContains((int)$oneSourceLine, $vuln["source_line"]);
+ }
+ } else {
+ $this->assertContains($expectedSourceName, $vuln["source_name"]);
+ $this->assertContains((int)$expectedSourceLine, $vuln["source_line"]);
+ $this->assertEquals($expectedVulnName, $vuln["vuln_name"]);
+ }
+ } // custom
+ else {
+ $this->assertEquals((int)$expectedSourceName, $vuln["vuln_line"]);
+ $this->assertEquals((int)$expectedSourceLine, $vuln["vuln_column"]);
+ $this->assertEquals($expectedVulnName, $vuln["vuln_name"]);
+ }
+ } else {
+ $this->assertTrue(false);
+ }
+
+ $nbVulns ++;
+ }
+
+ $this->assertCount(count($expectedVulns), $results);
+ }
+
+ public function dataProvider()
+ {
+ $tabconfig = include("configtest.php");
+
+ return array_merge($tabconfig);
+ }
+}
diff --git a/projects/tests/run_all_folders.php b/projects/tests/run_all_folders.php
index 3e4719f5..c927b861 100644
--- a/projects/tests/run_all_folders.php
+++ b/projects/tests/run_all_folders.php
@@ -13,19 +13,13 @@ public function testSecurity($folder, $expectedVulns)
$context = new \progpilot\Context;
$analyzer = new \progpilot\Analyzer;
- $context->setAnalyzeHardrules(true);
- $context->setAnalyzeFunctions(false);
$context->outputs->taintedFlow(true);
$nbVulns = 0;
$context->inputs->setDev(true);
$context->inputs->setFolder($folder);
- try {
- $analyzer->run($context);
- } catch (Exception $e) {
- echo 'Exception : ', $e->getMessage(), "\n";
- }
+ $analyzer->run($context);
$results = $context->outputs->getResults();
@@ -43,17 +37,17 @@ public function testSecurity($folder, $expectedVulns)
}
foreach ($expectedSourceLine as $oneSourceLine) {
- $this->assertContains($oneSourceLine, $vuln["source_line"]);
+ $this->assertContains((int)$oneSourceLine, $vuln["source_line"]);
}
} else {
$this->assertContains($expectedSourceName, $vuln["source_name"]);
- $this->assertContains($expectedSourceLine, $vuln["source_line"]);
+ $this->assertContains((int)$expectedSourceLine, $vuln["source_line"]);
$this->assertEquals($expectedVulnName, $vuln["vuln_name"]);
}
} // custom
else {
- $this->assertEquals($expectedSourceName, $vuln["vuln_line"]);
- $this->assertEquals($expectedSourceLine, $vuln["vuln_column"]);
+ $this->assertEquals((int)$expectedSourceName, $vuln["vuln_line"]);
+ $this->assertEquals((int)$expectedSourceLine, $vuln["vuln_column"]);
$this->assertEquals($expectedVulnName, $vuln["vuln_name"]);
}
} else {
diff --git a/projects/tests/run_config.php b/projects/tests/run_config.php
new file mode 100644
index 00000000..8dcc3015
--- /dev/null
+++ b/projects/tests/run_config.php
@@ -0,0 +1,14 @@
+ 1) {
+ $context = new \progpilot\Context;
+ $analyzer = new \progpilot\Analyzer;
+
+ $context->setConfiguration($argv[1]);
+
+ $analyzer->run($context);
+
+ var_dump($context->outputs->getResults());
+}
diff --git a/projects/tests/run_exclude_files.php b/projects/tests/run_exclude_files.php
index cf2977ce..5edeadf2 100644
--- a/projects/tests/run_exclude_files.php
+++ b/projects/tests/run_exclude_files.php
@@ -13,25 +13,20 @@ public function testSecurity($folder, $expectedVulns)
$context = new \progpilot\Context;
$analyzer = new \progpilot\Analyzer;
- $context->setAnalyzeHardrules(true);
- $context->setAnalyzeFunctions(false);
$context->outputs->taintedFlow(true);
- $arr = array(
- "exclude_files" => ["./tests/folders/folder2/mix3.php"],
- "exclude_folders" => ["./tests/folders/folder2/sub_folder1/sub_folder2"]
- );
+ $exclusions = [
+ "./tests/folders/folder2/mix3.php",
+ "./tests/folders/folder2/sub_folder1/sub_folder2",
+ "onefolderexcludedtest",
+ "onefileexcludedtest.php"
+ ];
$nbVulns = 0;
$context->inputs->setDev(true);
- $context->inputs->setExcludes($arr);
+ $context->inputs->setExclusions($exclusions);
$context->inputs->setFolder($folder);
-
- try {
- $analyzer->run($context);
- } catch (Exception $e) {
- echo 'Exception : ', $e->getMessage(), "\n";
- }
+ $analyzer->run($context);
$results = $context->outputs->getResults();
@@ -49,17 +44,17 @@ public function testSecurity($folder, $expectedVulns)
}
foreach ($expectedSourceLine as $oneSourceLine) {
- $this->assertContains($oneSourceLine, $vuln["source_line"]);
+ $this->assertContains((int)$oneSourceLine, $vuln["source_line"]);
}
} else {
$this->assertContains($expectedSourceName, $vuln["source_name"]);
- $this->assertContains($expectedSourceLine, $vuln["source_line"]);
+ $this->assertContains((int)$expectedSourceLine, $vuln["source_line"]);
$this->assertEquals($expectedVulnName, $vuln["vuln_name"]);
}
} // custom
else {
- $this->assertEquals($expectedSourceName, $vuln["vuln_line"]);
- $this->assertEquals($expectedSourceLine, $vuln["vuln_column"]);
+ $this->assertEquals((int)$expectedSourceName, $vuln["vuln_line"]);
+ $this->assertEquals((int)$expectedSourceLine, $vuln["vuln_column"]);
$this->assertEquals($expectedVulnName, $vuln["vuln_name"]);
}
} else {
diff --git a/projects/tests/run_file.php b/projects/tests/run_file.php
index 12ba3a22..e21714ef 100644
--- a/projects/tests/run_file.php
+++ b/projects/tests/run_file.php
@@ -2,27 +2,20 @@
require_once './vendor/autoload.php';
-try {
- if ($argc > 1) {
- $context = new \progpilot\Context;
- $analyzer = new \progpilot\Analyzer;
- $context->inputs->setFile($argv[1]);
- $context->inputs->setDev(true);
- $context->inputs->setLanguages(["php", "js"]);
- $context->inputs->setFrameworks(["suitecrm", "codeigniter", "wordpress", "prestashop", "symfony"]);
+if ($argc > 1) {
+ $context = new \progpilot\Context;
+ $analyzer = new \progpilot\Analyzer;
+ $context->inputs->setFile($argv[1]);
+ $context->inputs->setDev(true);
+ $context->inputs->setLanguages(["php", "js"]);
- $context->setAnalyzeHardrules(true);
- $context->setAnalyzeFunctions(false);
- $context->outputs->taintedFlow(true);
+ $context->setDebugMode(true);
+ $context->outputs->taintedFlow(true);
+ /*
+ $context->outputs->resolveIncludes(true);
+ $context->outputs->resolveIncludesFile("tmpresolvedincludes.json");
+ */
+ $analyzer->run($context);
- try {
- $analyzer->run($context);
- } catch (Exception $e) {
- echo 'Exception : ', $e->getMessage(), "\n";
- }
-
- var_dump($context->outputs->getResults());
- }
-} catch (\RuntimeException $e) {
- $result = $e->getMessage();
+ var_dump($context->outputs->getResults());
}
diff --git a/projects/tests/run_flows.php b/projects/tests/run_flows.php
index b3e5afe6..62a4f312 100644
--- a/projects/tests/run_flows.php
+++ b/projects/tests/run_flows.php
@@ -13,19 +13,12 @@ public function testSecurity($file, $expectedVulns)
$context = new \progpilot\Context;
$analyzer = new \progpilot\Analyzer;
- $context->setAnalyzeHardrules(true);
- $context->setAnalyzeFunctions(false);
$context->outputs->taintedFlow(true);
$nbVulns = 0;
$context->inputs->setDev(true);
$context->inputs->setFile($file);
-
- try {
- $analyzer->run($context);
- } catch (Exception $e) {
- echo 'Exception : ', $e->getMessage(), "\n";
- }
+ $analyzer->run($context);
$results = $context->outputs->getResults();
diff --git a/projects/tests/run_folder.php b/projects/tests/run_folder.php
new file mode 100644
index 00000000..20c64f2b
--- /dev/null
+++ b/projects/tests/run_folder.php
@@ -0,0 +1,23 @@
+ 1) {
+ $context = new \progpilot\Context;
+ $analyzer = new \progpilot\Analyzer;
+ $context->inputs->setFolder($argv[1]);
+ $context->inputs->setDev(true);
+ $context->inputs->setLanguages(["php", "js"]);
+ $context->setDebugMode(true);
+ $context->outputs->taintedFlow(true);
+
+ $exclusions = [
+ "./tests/folders/folder2/mix3.php",
+ "./tests/folders/folder2/sub_folder1/sub_folder2"
+ ];
+
+ $context->inputs->addExclusions($exclusions);
+ $analyzer->run($context);
+
+ var_dump($context->outputs->getResults());
+}
diff --git a/projects/tests/run_include_files.php b/projects/tests/run_include_files.php
index 83d80011..969b02d9 100644
--- a/projects/tests/run_include_files.php
+++ b/projects/tests/run_include_files.php
@@ -2,24 +2,23 @@
require_once './vendor/autoload.php';
-try {
- $context = new \progpilot\Context;
- $analyzer = new \progpilot\Analyzer;
+$context = new \progpilot\Context;
+$analyzer = new \progpilot\Analyzer;
- $context->inputs->setDev(true);
- $context->inputs->setIncludeFiles("include_files.json");
+$context->inputs->setDev(true);
+$context->outputs->taintedFlow(true);
+$context->setDebugMode(true);
+$context->inputs->setInclusions("include_files.json");
- try {
- $analyzer->run($context);
- } catch (Exception $e) {
- echo 'Exception : ', $e->getMessage(), "\n";
- }
+$var = function ($result) {
+ echo "a result:\n";
+ var_dump($result);
+};
+$context->outputs->setOnAddResult($var);
+$analyzer->run($context);
- $results = $context->outputs->getResults();
- $outputjson = array('results' => $results);
- $parsed_json = $outputjson["results"];
+$results = $context->outputs->getResults();
+$outputjson = array('results' => $results);
+$parsed_json = $outputjson["results"];
- var_dump($parsed_json);
-} catch (\RuntimeException $e) {
- $result = $e->getMessage();
-}
+var_dump($parsed_json);
diff --git a/projects/tests/storedtest.php b/projects/tests/storedtest.php
new file mode 100644
index 00000000..2070bb9b
--- /dev/null
+++ b/projects/tests/storedtest.php
@@ -0,0 +1,16 @@
+setAnalyzeJs(false);
$context->setAnalyzeIncludes(false);
$context->inputs->setCode($code);
-try {
- $analyzer->run($context);
-} catch (Exception $e) {
- echo 'Exception : ', $e->getMessage(), "\n";
-}
+$analyzer->run($context);
$results = $context->outputs->getAst();
diff --git a/projects/tests/testcode.php b/projects/tests/testcode.php
index a43fba47..8e123883 100644
--- a/projects/tests/testcode.php
+++ b/projects/tests/testcode.php
@@ -16,12 +16,7 @@
$analyzer = new \progpilot\Analyzer;
$context->inputs->setCode($code);
-
-try {
- $analyzer->run($context);
-} catch (Exception $e) {
- echo 'Exception : ', $e->getMessage(), "\n";
-}
+$analyzer->run($context);
$results = $context->outputs->getResults();
$outputjson = array('results' => $results);
diff --git a/projects/tests/testfalsepositives.php b/projects/tests/testfalsepositives.php
index 23c20038..617aff98 100644
--- a/projects/tests/testfalsepositives.php
+++ b/projects/tests/testfalsepositives.php
@@ -17,7 +17,7 @@
$arr = [
array("vuln_id" => "a6c0d68d130972bd4e23ae6c68d548d5cf8d40a78e73136a1b89dab8f3b441c1")
];
-$context->setAnalyzeHardrules(true);
+
$context->inputs->setDev(true);
$context->inputs->setFile("./tests/custom/custom1.php");
$context->inputs->setFalsePositives($arr);
diff --git a/projects/tests/tests/conditions/condition5.php b/projects/tests/tests/conditions/condition5.php
index e2866547..b949521e 100644
--- a/projects/tests/tests/conditions/condition5.php
+++ b/projects/tests/tests/conditions/condition5.php
@@ -3,7 +3,7 @@
$tainted = $_GET["p"];
$legal_table = array("safe1", "safe2");
-if (!in_array($tainted, $legal_table, true) && in_array($tainted, $legal_table, true)) {
+if (!in_array($tainted, $legal_table, true)) {
$tainted = $tainted;
} else {
$tainted = $legal_table[0];
diff --git a/projects/tests/tests/conditions/condition7.php b/projects/tests/tests/conditions/condition7.php
index bd080efa..629e6ee9 100644
--- a/projects/tests/tests/conditions/condition7.php
+++ b/projects/tests/tests/conditions/condition7.php
@@ -4,6 +4,10 @@
$safe = (int) $tainted;
+$notsafe = (string) $tainted;
+
+echo $notsafe;
+
echo $safe;
echo $tainted;
diff --git a/projects/tests/tests/conditions/condition8.php b/projects/tests/tests/conditions/condition8.php
index ea092238..fca1b524 100644
--- a/projects/tests/tests/conditions/condition8.php
+++ b/projects/tests/tests/conditions/condition8.php
@@ -4,54 +4,55 @@
$tainted = $_GET["p"];
if (filter_var($tainted, FILTER_VALIDATE_BOOLEAN)) {
- echo $tainted;
+ echo $tainted; // OK
}
$tainted = $_GET["p"];
if (filter_var($tainted, FILTER_VALIDATE_FLOAT)) {
- echo $tainted;
+ echo $tainted; // OK
}
$tainted = $_GET["p"];
if (filter_var($tainted, FILTER_VALIDATE_INT)) {
- echo $tainted;
+ echo $tainted; // OK
}
$tainted = $_GET["p"];
if (filter_var($tainted, FILTER_VALIDATE_IP)) {
- echo $tainted;
+ echo $tainted; // OK
}
$tainted = $_GET["p"];
if (filter_var($tainted, FILTER_VALIDATE_MAC)) {
- echo $tainted;
+ echo $tainted; // OK
}
$tainted = $_GET["p"];
if (filter_var($tainted, FILTER_VALIDATE_URL)) {
- echo $tainted;
+ echo $tainted; // OK
}
-/*
+
$tainted = $_GET["p"];
if(filter_var($tainted, FILTER_VALIDATE_EMAIL))
{
- echo $tainted;
+ echo $tainted;// KO
}
-*/
+
$tainted = $_GET["p"];
if (filter_var($tainted, FILTER_VALIDATE_REGEXP)) {
- echo $tainted;
+ echo $tainted; // KO
}
$tainted = $_GET["p"];
-if (filter_var($tainted, nexiste_pas)) {
- echo $tainted;
+if (filter_var($tainted, $nexiste_pas)) {
+ echo $tainted; // KO
}
+
diff --git a/projects/tests/tests/custom/conditionalvalues.php b/projects/tests/tests/custom/conditionalvalues.php
new file mode 100644
index 00000000..86904855
--- /dev/null
+++ b/projects/tests/tests/custom/conditionalvalues.php
@@ -0,0 +1,12 @@
+
+
diff --git a/projects/tests/tests/custom/cookies1.php b/projects/tests/tests/custom/cookies1.php
new file mode 100644
index 00000000..9313d326
--- /dev/null
+++ b/projects/tests/tests/custom/cookies1.php
@@ -0,0 +1,9 @@
+ 'Lax'
);
-setcookie("token", $token, $options);
-
+setcookie("token", "123", $options);
diff --git a/projects/tests/tests/custom/unsetcookies.php b/projects/tests/tests/custom/unsetcookies.php
new file mode 100644
index 00000000..f9c113c3
--- /dev/null
+++ b/projects/tests/tests/custom/unsetcookies.php
@@ -0,0 +1,17 @@
+middle_object"}
$instance2 = new known_class1;
-$instance2->middle_object->mysink($_GET["p"]);
+$instance2->middle_object_unknown->mysink($_GET["p"]);
// 1)c) : should be found by this sink declaration : {"name" : "mysink", "instanceof" : "known_class1->middle_object"}
diff --git a/projects/tests/tests/data/source16.php b/projects/tests/tests/data/source16.php
index 17b9aa23..7ce1c1fb 100644
--- a/projects/tests/tests/data/source16.php
+++ b/projects/tests/tests/data/source16.php
@@ -3,8 +3,26 @@
while($row = mysql_fetch_object($result)) {
echo $row->fullname;
}
+/*
+switch($baba) {
+ case '1':
+ $html = "case1";
+ break;
+ case '2':
+ $html = "case1";
+ break;
+}
+echo $html;*/
/*
$row = mysql_fetch_object($result);
echo $row->fullname;
*/
+
+
+if($vuln == "") {
+$html = "toto";
+}
+else {
+$html = "ldld";
+}
diff --git a/projects/tests/tests/data/source20.php b/projects/tests/tests/data/source20.php
index d0ac4bf9..fc18ab01 100644
--- a/projects/tests/tests/data/source20.php
+++ b/projects/tests/tests/data/source20.php
@@ -1,25 +1,8 @@
get_results("SELECT comment_ID, comment_author, comment_author_email,
-comment_author_url, comment_date, comment_date_gmt, comment_content, comment_post_ID,
-$wpdb->posts.ID, $wpdb->posts.post_password FROM $wpdb->comments
-LEFT JOIN $wpdb->posts ON comment_post_id = id WHERE $wpdb->posts.post_status IN ('publish', 'static', 'object')
-AND $wpdb->comments.comment_approved = '1' AND post_date_gmt < '" . gmdate("Y-m-d H:i:s") . "'
-ORDER BY comment_date_gmt DESC LIMIT " . get_settings('posts_per_rss') );
-
-// this line is WordPress' motor, do not delete it.
-if ($comments) {
- foreach ($comments as $comment) {
- // Some plugins may need to know the metadata
- // associated with this comment's post:
- get_post_custom($comment->comment_post_ID);
-
- echo $comment->ddd;
- }
-}
+echo $b;
diff --git a/projects/tests/tests/data/source21.php b/projects/tests/tests/data/source21.php
new file mode 100644
index 00000000..b610167a
--- /dev/null
+++ b/projects/tests/tests/data/source21.php
@@ -0,0 +1,21 @@
+last_result = null; // block 9
+ if(true) {
+ echo "baba"; // block 19
+ }
+ else {
+ echo "titi"; // block 33
+
+ while ( $row = @mysql_fetch_object(true) ) { // block 41 et 48 (row)
+ $this->last_result = $row; // block 52
+ }
+
+ echo "bibi"; // block 62
+ }
+
+ echo $this->last_result->title; // block 26
+ }
+}
diff --git a/projects/tests/tests/data/source3.php b/projects/tests/tests/data/source3.php
index c8bedaa5..fbf4be04 100644
--- a/projects/tests/tests/data/source3.php
+++ b/projects/tests/tests/data/source3.php
@@ -1,5 +1,5 @@
comment_ID' class='$class'>";
-
-?>
diff --git a/projects/tests/tests/generic/functions19.php b/projects/tests/tests/generic/functions19.php
index 3b34e102..4e1fb203 100644
--- a/projects/tests/tests/generic/functions19.php
+++ b/projects/tests/tests/generic/functions19.php
@@ -6,5 +6,6 @@ function testf1($param2)
echo $param2["test"];
}
+$toto = array("test" => $_GET["p"]);
testf1(array("test" => $_GET["p"]));
diff --git a/projects/tests/tests/generic/functions2.php b/projects/tests/tests/generic/functions2.php
index 92064c09..2f6923f0 100644
--- a/projects/tests/tests/generic/functions2.php
+++ b/projects/tests/tests/generic/functions2.php
@@ -2,9 +2,9 @@
function testf($parama, $boum, $tchka)
{
- return $parama;
+ return [$parama, ""];
}
$safea = testf($_GET["p"], "argument2", "argument3");
-echo $safea;
+echo $safea[0];
diff --git a/projects/tests/tests/generic/functions20.php b/projects/tests/tests/generic/functions20.php
new file mode 100644
index 00000000..8c5c6835
--- /dev/null
+++ b/projects/tests/tests/generic/functions20.php
@@ -0,0 +1,26 @@
+ $file) { // block 10
+ echo $file;
+ }
diff --git a/projects/tests/tests/generic/loop2.php b/projects/tests/tests/generic/loop2.php
new file mode 100644
index 00000000..2f548228
--- /dev/null
+++ b/projects/tests/tests/generic/loop2.php
@@ -0,0 +1,10 @@
+result) ) { // block 29 (row) & 22 (fetch)
+ echo $row->title; // block 33
+ }
+ }
+ echo "salut"; // block 13
diff --git a/projects/tests/tests/generic/loop3.php b/projects/tests/tests/generic/loop3.php
new file mode 100644
index 00000000..b036b5d2
--- /dev/null
+++ b/projects/tests/tests/generic/loop3.php
@@ -0,0 +1,7 @@
+title;
+}
+
diff --git a/projects/tests/tests/generic/loop4.php b/projects/tests/tests/generic/loop4.php
new file mode 100644
index 00000000..0d75799f
--- /dev/null
+++ b/projects/tests/tests/generic/loop4.php
@@ -0,0 +1,20 @@
+last_query;
+ }
+
+ function query($query) {
+ $this->last_query = $query;
+ if ( true ) {
+ $this->print_error();
+ }
+ }
+}
+
+
+$wpdb = new wpdb;
+$wpdb->query($_GET["p"]);
+
diff --git a/projects/tests/tests/generic/simple1.php b/projects/tests/tests/generic/simple1.php
index 464293c1..87a30f30 100644
--- a/projects/tests/tests/generic/simple1.php
+++ b/projects/tests/tests/generic/simple1.php
@@ -1,6 +1,6 @@
'Damn Vulnerable Web Application (DVWA) v' . dvwaVersionGet() . '',
- 'title_separator' => ' :: ',
- 'bodyff' => '',
- 'page_id' => '',
- 'help_button' => '',
- 'source_button'=>'qsd'
- );
-
- return $returnArray;
-}
-
-function dvwaSecurityLevelGet()
-{
- return isset($_COOKIE[ 'security' ]) ? $_COOKIE[ 'security' ] : 'impossible';
-}
-
-
-function dvwaSecurityLevelSet($pSecurityLevel)
-{
- if ($pSecurityLevel == 'impossible') {
- $httponly = true;
- } else {
- $httponly = false;
- }
- setcookie(session_name(), session_id(), null, '/', null, null, $httponly);
- setcookie('security', $pSecurityLevel, null, null, null, null, $httponly);
-}
-
-
-// Start message functions --
-
-function dvwaMessagePush($pMessage)
-{
- $dvwaSession =& dvwaSessionGrab();
- if (!isset($dvwaSession[ 'messages' ])) {
- $dvwaSession[ 'messages' ] = array();
- }
- $dvwaSession[ 'messages' ][] = $pMessage;
-}
-
-
-function dvwaMessagePop()
-{
- $dvwaSession =& dvwaSessionGrab();
- if (!isset($dvwaSession[ 'messages' ]) || count($dvwaSession[ 'messages' ]) == 0) {
- return false;
- }
- return array_shift($dvwaSession[ 'messages' ]);
-}
-
-
-function messagesPopAllToHtml()
-{
- $messagesHtml = '';
- while ($message = dvwaMessagePop()) { // TODO- sharpen!
- $messagesHtml .= "{$message}
";
- }
-
- return $messagesHtml;
-}
-// --END (message functions)
-
-function dvwaHtmlEcho($pPage)
-{
- $menuBlocks = array();
-
- $menuBlocks[ 'home' ] = array();
- if (dvwaIsLoggedIn()) {
- $menuBlocks[ 'home' ][] = array( 'id' => 'home', 'name' => 'Home', 'url' => '.' );
- $menuBlocks[ 'home' ][] = array( 'id' => 'instructions', 'name' => 'Instructions', 'url' => 'instructions.php' );
- $menuBlocks[ 'home' ][] = array( 'id' => 'setup', 'name' => 'Setup / Reset DB', 'url' => 'setup.php' );
- } else {
- $menuBlocks[ 'home' ][] = array( 'id' => 'setup', 'name' => 'Setup DVWA', 'url' => 'setup.php' );
- $menuBlocks[ 'home' ][] = array( 'id' => 'instructions', 'name' => 'Instructions', 'url' => 'instructions.php' );
- }
-
- if (dvwaIsLoggedIn()) {
- $menuBlocks[ 'vulnerabilities' ] = array();
- $menuBlocks[ 'vulnerabilities' ][] = array( 'id' => 'brute', 'name' => 'Brute Force', 'url' => 'vulnerabilities/brute/' );
- $menuBlocks[ 'vulnerabilities' ][] = array( 'id' => 'exec', 'name' => 'Command Injection', 'url' => 'vulnerabilities/exec/' );
- $menuBlocks[ 'vulnerabilities' ][] = array( 'id' => 'csrf', 'name' => 'CSRF', 'url' => 'vulnerabilities/csrf/' );
- $menuBlocks[ 'vulnerabilities' ][] = array( 'id' => 'fi', 'name' => 'File Inclusion', 'url' => 'vulnerabilities/fi/.?page=include.php' );
- $menuBlocks[ 'vulnerabilities' ][] = array( 'id' => 'upload', 'name' => 'File Upload', 'url' => 'vulnerabilities/upload/' );
- $menuBlocks[ 'vulnerabilities' ][] = array( 'id' => 'captcha', 'name' => 'Insecure CAPTCHA', 'url' => 'vulnerabilities/captcha/' );
- $menuBlocks[ 'vulnerabilities' ][] = array( 'id' => 'sqli', 'name' => 'SQL Injection', 'url' => 'vulnerabilities/sqli/' );
- $menuBlocks[ 'vulnerabilities' ][] = array( 'id' => 'sqli_blind', 'name' => 'SQL Injection (Blind)', 'url' => 'vulnerabilities/sqli_blind/' );
- $menuBlocks[ 'vulnerabilities' ][] = array( 'id' => 'weak_id', 'name' => 'Weak Session IDs', 'url' => 'vulnerabilities/weak_id/' );
- $menuBlocks[ 'vulnerabilities' ][] = array( 'id' => 'xss_d', 'name' => 'XSS (DOM)', 'url' => 'vulnerabilities/xss_d/' );
- $menuBlocks[ 'vulnerabilities' ][] = array( 'id' => 'xss_r', 'name' => 'XSS (Reflected)', 'url' => 'vulnerabilities/xss_r/' );
- $menuBlocks[ 'vulnerabilities' ][] = array( 'id' => 'xss_s', 'name' => 'XSS (Stored)', 'url' => 'vulnerabilities/xss_s/' );
- }
-
- $menuBlocks[ 'meta' ] = array();
- if (dvwaIsLoggedIn()) {
- $menuBlocks[ 'meta' ][] = array( 'id' => 'security', 'name' => 'DVWA Security', 'url' => 'security.php' );
- $menuBlocks[ 'meta' ][] = array( 'id' => 'phpinfo', 'name' => 'PHP Info', 'url' => 'phpinfo.php' );
- }
- $menuBlocks[ 'meta' ][] = array( 'id' => 'about', 'name' => 'About', 'url' => 'about.php' );
-
- if (dvwaIsLoggedIn()) {
- $menuBlocks[ 'logout' ] = array();
- $menuBlocks[ 'logout' ][] = array( 'id' => 'logout', 'name' => 'Logout', 'url' => 'logout.php' );
- }
-
- $menuHtml = '';
-
- foreach ($menuBlocks as $menuBlock) {
- $menuBlockHtml = '';
- foreach ($menuBlock as $menuItem) {
- $selectedClass = ($menuItem[ 'id' ] == $pPage[ 'page_id' ]) ? 'selected' : '';
- $fixedUrl = DVWA_WEB_PAGE_TO_ROOT.$menuItem[ 'url' ];
- $menuBlockHtml .= "{$menuItem[ 'name' ]}\n";
- }
- $menuHtml .= "";
- }
-
- // Get security cookie --
- $securityLevelHtml = '';
- switch (dvwaSecurityLevelGet()) {
- case 'low':
- $securityLevelHtml = 'low';
- break;
- case 'medium':
- $securityLevelHtml = 'medium';
- break;
- case 'high':
- $securityLevelHtml = 'high';
- break;
- default:
- $securityLevelHtml = 'impossible';
- break;
- }
- // -- END (security cookie)
-
- $phpIdsHtml = 'PHPIDS: ' . (dvwaPhpIdsIsEnabled() ? 'enabled' : 'disabled');
- $userInfoHtml = 'Username: ' . (dvwaCurrentUser());
-
- $messagesHtml = messagesPopAllToHtml();
- if ($messagesHtml) {
- $messagesHtml = "{$messagesHtml}
";
- }
-
- $systemInfoHtml = "";
- if (dvwaIsLoggedIn()) {
- $systemInfoHtml = "{$userInfoHtml}
Security Level: {$securityLevelHtml}
{$phpIdsHtml}
";
- }
- if ($pPage[ 'source_button' ]) {
- $systemInfoHtml = dvwaButtonSourceHtmlGet($pPage[ 'source_button' ]) . " $systemInfoHtml";
- }
- if ($pPage[ 'help_button' ]) {
- $systemInfoHtml = dvwaButtonHelpHtmlGet($pPage[ 'help_button' ]) . " $systemInfoHtml";
- }
-
- // Send Headers + main HTML code
- Header('Cache-Control: no-cache, must-revalidate'); // HTTP/1.1
- Header('Content-Type: text/html;charset=utf-8'); // TODO- proper XHTML headers...
- Header('Expires: Tue, 23 Jun 2009 12:00:00 GMT'); // Date in the past
-
+ 'Damn Vulnerable Web Application (DVWA) v' . dvwaVersionGet() . '',
+ 'title_separator' => ' :: ',
+ 'bodyff' => '',
+ 'page_id' => '',
+ 'help_button' => '',
+ 'source_button'=>'qsd'
+ );
+
+ return $returnArray;
+}
+
+function dvwaSecurityLevelGet()
+{
+ return isset($_COOKIE[ 'security' ]) ? $_COOKIE[ 'security' ] : 'impossible';
+}
+
+
+function dvwaSecurityLevelSet($pSecurityLevel)
+{
+ if ($pSecurityLevel == 'impossible') {
+ $httponly = true;
+ } else {
+ $httponly = false;
+ }
+ setcookie(session_name(), session_id(), null, '/', null, null, $httponly);
+ setcookie('security', $pSecurityLevel, null, null, null, null, $httponly);
+}
+
+
+// Start message functions --
+
+function dvwaMessagePush($pMessage)
+{
+ $dvwaSession =& dvwaSessionGrab();
+ if (!isset($dvwaSession[ 'messages' ])) {
+ $dvwaSession[ 'messages' ] = array();
+ }
+ $dvwaSession[ 'messages' ][] = $pMessage;
+}
+
+
+function dvwaMessagePop()
+{
+ $dvwaSession =& dvwaSessionGrab();
+ if (!isset($dvwaSession[ 'messages' ]) || count($dvwaSession[ 'messages' ]) == 0) {
+ return false;
+ }
+ return array_shift($dvwaSession[ 'messages' ]);
+}
+
+
+function messagesPopAllToHtml()
+{
+ $messagesHtml = '';
+ while ($message = dvwaMessagePop()) { // TODO- sharpen!
+ $messagesHtml .= "{$message}
";
+ }
+
+ return $messagesHtml;
+}
+// --END (message functions)
+
+function dvwaHtmlEcho($pPage)
+{
+ $menuBlocks = array();
+
+ $menuBlocks[ 'home' ] = array();
+ if (dvwaIsLoggedIn()) {
+ $menuBlocks[ 'home' ][] = array( 'id' => 'home', 'name' => 'Home', 'url' => '.' );
+ $menuBlocks[ 'home' ][] = array( 'id' => 'instructions', 'name' => 'Instructions', 'url' => 'instructions.php' );
+ $menuBlocks[ 'home' ][] = array( 'id' => 'setup', 'name' => 'Setup / Reset DB', 'url' => 'setup.php' );
+ } else {
+ $menuBlocks[ 'home' ][] = array( 'id' => 'setup', 'name' => 'Setup DVWA', 'url' => 'setup.php' );
+ $menuBlocks[ 'home' ][] = array( 'id' => 'instructions', 'name' => 'Instructions', 'url' => 'instructions.php' );
+ }
+
+ if (dvwaIsLoggedIn()) {
+ $menuBlocks[ 'vulnerabilities' ] = array();
+ $menuBlocks[ 'vulnerabilities' ][] = array( 'id' => 'brute', 'name' => 'Brute Force', 'url' => 'vulnerabilities/brute/' );
+ $menuBlocks[ 'vulnerabilities' ][] = array( 'id' => 'exec', 'name' => 'Command Injection', 'url' => 'vulnerabilities/exec/' );
+ $menuBlocks[ 'vulnerabilities' ][] = array( 'id' => 'csrf', 'name' => 'CSRF', 'url' => 'vulnerabilities/csrf/' );
+ $menuBlocks[ 'vulnerabilities' ][] = array( 'id' => 'fi', 'name' => 'File Inclusion', 'url' => 'vulnerabilities/fi/.?page=include.php' );
+ $menuBlocks[ 'vulnerabilities' ][] = array( 'id' => 'upload', 'name' => 'File Upload', 'url' => 'vulnerabilities/upload/' );
+ $menuBlocks[ 'vulnerabilities' ][] = array( 'id' => 'captcha', 'name' => 'Insecure CAPTCHA', 'url' => 'vulnerabilities/captcha/' );
+ $menuBlocks[ 'vulnerabilities' ][] = array( 'id' => 'sqli', 'name' => 'SQL Injection', 'url' => 'vulnerabilities/sqli/' );
+ $menuBlocks[ 'vulnerabilities' ][] = array( 'id' => 'sqli_blind', 'name' => 'SQL Injection (Blind)', 'url' => 'vulnerabilities/sqli_blind/' );
+ $menuBlocks[ 'vulnerabilities' ][] = array( 'id' => 'weak_id', 'name' => 'Weak Session IDs', 'url' => 'vulnerabilities/weak_id/' );
+ $menuBlocks[ 'vulnerabilities' ][] = array( 'id' => 'xss_d', 'name' => 'XSS (DOM)', 'url' => 'vulnerabilities/xss_d/' );
+ $menuBlocks[ 'vulnerabilities' ][] = array( 'id' => 'xss_r', 'name' => 'XSS (Reflected)', 'url' => 'vulnerabilities/xss_r/' );
+ $menuBlocks[ 'vulnerabilities' ][] = array( 'id' => 'xss_s', 'name' => 'XSS (Stored)', 'url' => 'vulnerabilities/xss_s/' );
+ }
+
+ $menuBlocks[ 'meta' ] = array();
+ if (dvwaIsLoggedIn()) {
+ $menuBlocks[ 'meta' ][] = array( 'id' => 'security', 'name' => 'DVWA Security', 'url' => 'security.php' );
+ $menuBlocks[ 'meta' ][] = array( 'id' => 'phpinfo', 'name' => 'PHP Info', 'url' => 'phpinfo.php' );
+ }
+ $menuBlocks[ 'meta' ][] = array( 'id' => 'about', 'name' => 'About', 'url' => 'about.php' );
+
+ if (dvwaIsLoggedIn()) {
+ $menuBlocks[ 'logout' ] = array();
+ $menuBlocks[ 'logout' ][] = array( 'id' => 'logout', 'name' => 'Logout', 'url' => 'logout.php' );
+ }
+
+ $menuHtml = '';
+
+ foreach ($menuBlocks as $menuBlock) {
+ $menuBlockHtml = '';
+ foreach ($menuBlock as $menuItem) {
+ $selectedClass = ($menuItem[ 'id' ] == $pPage[ 'page_id' ]) ? 'selected' : '';
+ $fixedUrl = DVWA_WEB_PAGE_TO_ROOT.$menuItem[ 'url' ];
+ $menuBlockHtml .= "{$menuItem[ 'name' ]}\n";
+ }
+ $menuHtml .= "";
+ }
+
+ // Get security cookie --
+ $securityLevelHtml = '';
+ switch (dvwaSecurityLevelGet()) {
+ case 'low':
+ $securityLevelHtml = 'low';
+ break;
+ case 'medium':
+ $securityLevelHtml = 'medium';
+ break;
+ case 'high':
+ $securityLevelHtml = 'high';
+ break;
+ default:
+ $securityLevelHtml = 'impossible';
+ break;
+ }
+ // -- END (security cookie)
+
+ $phpIdsHtml = 'PHPIDS: ' . (dvwaPhpIdsIsEnabled() ? 'enabled' : 'disabled');
+ $userInfoHtml = 'Username: ' . (dvwaCurrentUser());
+
+ $messagesHtml = messagesPopAllToHtml();
+ if ($messagesHtml) {
+ $messagesHtml = "{$messagesHtml}
";
+ }
+
+ $systemInfoHtml = "";
+ if (dvwaIsLoggedIn()) {
+ $systemInfoHtml = "{$userInfoHtml}
Security Level: {$securityLevelHtml}
{$phpIdsHtml}
";
+ }
+ if ($pPage[ 'source_button' ]) {
+ $systemInfoHtml = dvwaButtonSourceHtmlGet($pPage[ 'source_button' ]) . " $systemInfoHtml";
+ }
+ if ($pPage[ 'help_button' ]) {
+ $systemInfoHtml = dvwaButtonHelpHtmlGet($pPage[ 'help_button' ]) . " $systemInfoHtml";
+ }
+
+ // Send Headers + main HTML code
+ Header('Cache-Control: no-cache, must-revalidate'); // HTTP/1.1
+ Header('Content-Type: text/html;charset=utf-8'); // TODO- proper XHTML headers...
+ Header('Expires: Tue, 23 Jun 2009 12:00:00 GMT'); // Date in the past
+
echo "
@@ -349,16 +349,16 @@ function dvwaHtmlEcho($pPage)
-